Privacy Notice for Data Subjects

This Privacy Notice (“Privacy Notice”) is intended for anyone who wishes to review, modify, restrict or take ownership of the information that FullContact might have on them, as well as understand how FullContact uses that information. Additional information for FullContact Users can be found in the Privacy Policy.

Overview

FullContact's core purpose is to make relationships better. In today's fast-paced and multi-layered world, keeping up with everyone you know both online and offline can prove daunting. Discovering, building, and cultivating authentic relationships with the people that matter most to you, both personally and professionally, is hard with our data scattered and fragmented all over the digital world. Most of us also expect the companies that we interact with to treat us like humans and know who we are as a person, not cogs in some machine. Sometimes, having the right information at the right time makes all the difference.

You can think of FullContact as the "phone book" for the modern digital world. We do our best to bring together contact information from a variety of public sources (such as is available on the Internet through a simple Google Search) and combine it with contact information that our users contribute (similar to Wikipedia). We couple that with powerful tools for individuals and companies to manage their contacts.

We aim to have the most complete, accurate, and up-to-date record we can for each person in our "phone book" (also known as the "FullContact Database"). The types of information we may keep track of include contact elements such as name, address, phone number, email, social profiles, and device IDs. We often also have professional information (such as organizational affiliations, job titles, and skills) as well as personal information (such as interests, relationships, and basic demographic data like age, gender, and location). In many cases we may also find associated profile photos.

All of this information is intended to help the people and companies you interact with to know you better and be able to develop true and meaningful relationships with you. Based on the information someone already has on you, they might look you up in our system and get back some additional information. However, we never share the information that is dearest to your individual privacy: your home addresses, personal email addresses, or your personal phone numbers, unless you have given us your specific and unequivocal permission to share that information or we have secured the information via pseudonymization (e.g., through cryptographic hashing). That means, for example, that a company would not be able to know your personal email unless you have given us your explicit permission or had provided your personal email previously to them.

The information in our system also helps the people and companies you interact with to clean up their own "address books" so that they don't have information about you scattered across multiple systems and devices and so that they don't connect with you multiple times, through different channels, with information that its is entirely irrelevant to you . We help our people and companies to gather their existing information into clean contact records for each individual they know.

We also allow people or companies to search in our system for individuals who meet certain criteria. For example, a professional who's trying to find an expert in their field can use our Services to find the right person. Similarly, an organization could search for the most appropriate audience for their offerings. However, unless you have given us your specific permission, or we have secured the information via pseudonymization (e.g., through cryptographic hashing), we will not provide home addresses, personal email addresses, or personal phone numbers.

In all cases, our goal is to help people and companies make better, more valuable connections. We recognize, however, that not everyone is comfortable sharing their contact information with others. For this reason, anyone can take ownership of their information in our system at any time here: Own Your Personal Data

Actually, we hope that you do choose to take ownership of your information and help keep our "phone book" as accurate and up-to-date as possible. It is only through the contributions of people like you that we can provide this valuable service to you and everyone else. Our dream is to have everyone owning their data, fully controlling where it flows, and seeing better relationships in return. We may ask in time for your consent to use that data but as of right now we shall keep our “books open” and you can restrict processing of some parts or all of your data. Period. Please reach out at any time with any ideas on how we can serve you better.Own Your Personal Data

Your Rights

Anyone, in any country across the world, may access, rectify, or restrict their Personal Data within FullContact Database at any time by visiting Own Your Personal Data. Please note that we may ask you to verify your identity before taking action on your request. If you ask us to erase your data, we may still have to retain certain data about you to ensure that your Personal Data does not re-enter our system and protect your rights. Specifically, we will mark your Personal Data as "hidden" and "restrict processing" such that your data is no longer used or made available to anyone.

California Privacy Rights

California’s “Shine the Light” law, Civil Code section 1798.83, requires certain businesses that share customer personal information with third parties for the third parties’ direct marketing purposes to respond to requests from California customers asking about the businesses’ practices related to such information-sharing. Alternately, such businesses may have in place a policy not to disclose a customer’s personal information to third parties for the third parties’ direct marketing purposes if the customer has exercised an option to opt-out of such information-sharing. We have such a policy in place. As described in Section 8.2 of the Privacy Policy, you can opt-out of our sharing of your personal information with anyone (including with third parties for the third parties' direct marketing purposes) by clicking on the “Own Your Personal Data” in that section of our Privacy Policy and choosing to "Do Not Share". To find out more about your opt-out rights, please contact us at the address listed in Section 11 of the Privacy Policy. Please note that under California law businesses are only required to respond to a customer making such a request once during any calendar year.

General Data Protection Regulation (GDPR)

Individuals in the EU may exercise any of the rights described in this section by using the applicable functionality in our Services or by contacting us directly. If you reside outside of the European Union, you may have similar rights under your local laws.

The purpose for processing, categories of Personal Data concerned, and categories of recipients of Personal Data are described in the "Overview" section above. Our lawful basis for processing is our legitimate interest in providing contact management services to our Users, enabling them to better connect and build their relationships with you. Personal Data will be retained as long as necessary to serve that purpose or until you decide it is not in your best interest to keep your information in the FullContact Database. You have the right to object to the processing of your Personal Data at any time.

If you have taken ownership of your data by following the necessary steps at (Own Your Personal Data) or by contacting us directly, we may ask for your explicit permission to share certain of your Personal Data. If you choose to give permission to share certain information, then our lawful basis for processing is your Consent. You have the right to withdraw your Consent at any time. You also have the right of portability for any data that you have provided us.

You have the right to request from us access to and rectification or erasure of Personal Data or restriction of processing. You may exercise these rights at (Own Your Personal Data) or by contacting us directly. Requests for erasure can not be met because erasing your Personal Data would not achieve the desired result of your Personal Data not being in our system: we receive data continuously and would likely have your Personal Data in our system again quickly. Instead, we will mark your Personal Data as "hidden" and "restrict processing" such that your data is no longer used in providing our service and is no longer made available to anyone.

You have the right to request the sources of your Personal Data. You may do so by contacting us as indicated in the "Contact Us" section below. Please note that to protect the rights of other data subjects, we may only be able to provide you with the general categories of sources.

We may transfer, store, and process your information within our family of companies or with service providers based in the United States. FullContact complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data transferred from the European Union and Switzerland to the United States, respectively.

You have the right to lodge a complaint with your applicable supervising authority.

FullContact Privacy Policy

Last Updated: 7/26/2018

Thank you for using FullContact!

FullContact Inc. ("FullContact", “we”, “us”, “our”) is committed to protecting your privacy. This Privacy Policy describes how we collect, use, process, and disclose your information, including Personal Data (as defined below), in conjunction with your access to and use of our Services, and it applies to all of the Services offered by FullContact and its affiliates including but not limited to all FullContact Apps, Sites, APIs (including exports), and FullContact Integrations. "Users" as defined in this Privacy Policy includes any user of our Services including individual End Users, organizational Clients, and Developers.

1. INFORMATION WE COLLECT

1.1 Types of Data We Collect

"Personal Data" means any data that allows someone to identify or contact an individual data subject, including, for example, name, address, telephone number, email address, as well as any other non-public information that is associated with or linked to any of the foregoing data. "Anonymous Data" means data that is not associated with or linked to your Personal Data; Anonymous Data does not, by itself, permit the identification of individual persons. We collect Personal Data and Anonymous Data, as described below.

1.2 Information You Provide Us

Account Information. When you sign up for a FullContact Account, we may require certain information such as your full name, organization, phone number, email address(s) and password. You may optionally choose to sign into FullContact using a third party (e.g., your Google login). If you choose to do this, you will be asked whether you agree to the third party providing certain information to FullContact, such as your name, email address, profile photo, and other information associated with your account.

Profile Information. To help improve your experience or enable certain features of the Services, you may choose to create a profile including information such as your name, photo, email, phone, URLs, physical address, instant message handles, dates, job title, gender, bio, and interests.

Referrals. When you use FullContact to refer our Services to others we will collect and use any contact information you choose to provide and automatically generate an invitation to the contacts you select.

Payment Information. Some of our Services require payment. We may use third party service providers such as Stripe or Authorize.net to collect all information necessary to complete the transaction. Such information may include name, credit card and billing information, as well as additional fields required for payment. We never share your billing and payment information.

General Communication. If you contact us (for example via email or phone) we will collect information such as your name, phone number, email address, as well as any other content that you provide. We also may create event logs to diagnose product or app related issues, and capture information relating to any support or service issues. To improve customer service, subject to applicable laws, we may also record and review conversations with customer support representatives and analyze any feedback provided through voluntary customer surveys.

Additional Information. You may otherwise choose to provide us information when you fill in a form, conduct a search, update or add information to your Account, respond to surveys, provide feedback, request support, post to forums, participate in promotions, or use other features of our Services. We may also collect information at other points in our Services when clearly stated that information is being collected.

1.3 Information We Receive From Your Use of Our Services

1.3.1 Your Contacts

FullContact provides a variety of Services that enable you to effectively manage contact information that you provide to us as part of those Services (your “Contacts" , also referred to as "End User Contact Data" in our Terms of Use). Contacts typically contain information on individuals (or organizations) including names, email addresses, phone numbers, URLs, social handles, online identifiers, and physical addresses. Your Contacts may also contain additional information on individuals such as organizational affiliations, job titles, birthdays, key dates, age, gender, general location, relationships, skills, interests, preferences, notes, photos, tags and other categorizations. Depending on which Services you elect to use, Contacts may be collected in one or more of the following ways:

Connected Services. Many FullContact Services allow you to connect with external systems or databases that contain your Contacts. Examples include but are not limited to: 1) third-party contact management applications and services, 2) communication applications such as email providers, video conferencing systems, calendar applications, and social networks, and 3) sales, marketing, customer service, and media applications and platforms. Connections to such services generally require you to sign into those services.

User Interfaces. Many FullContact Services allow you to directly enter, edit, or otherwise manage your Contacts by means such as typing into a user interface or speaking to a voice interface.

APIs. Contacts may also be collected when you submit Contacts through FullContact's API. This includes both APIs for directly managing contacts as well as APIs for lookup or search.

Uploaded Files. You may also elect to upload lists of Contacts to FullContact for processing.

Third-Party Applications. FullContact may enable you to manually or automatically transfer, upload, or copy-and-paste contact information from certain third-party applications into FullContact.

Contact Extraction. You may elect certain FullContact features that extract Contacts from email, text or photographs. Examples include our business card scanning feature and our email signature extraction feature. We will not process the content of the communication unless you have explicitly asked us to do so

Shared Contacts. Other FullContact users may elect to share their Contacts or their personal contact details with you.

1.3.2 Relationship Information

FullContact provides a variety of Services that enable you to effectively manage your relationships. Depending on which Services you elect to use, relationship information may be collected in one or more of the following ways:

Your Contacts. Your Contacts suggest a certain relationship between you and the people or organizations those Contacts represent. Your Contacts may explicitly indicate the nature of the relationship. We may also infer the strength or nature of a relationship based on the presence or absence of certain contact information such as mobile numbers or key dates, as well as shared elements such as physical addresses or organizational affiliations. Inferred relationship information may also be based on how you interact with individual Contacts such as how often you access or modify them.

Connected Services. Many FullContact Services allow you to connect with external systems or databases that may contain information on your relationships, such as "connections" on social networks or other platforms.

Communication MetaData. Certain FullContact Services may infer relationship information based on communication patterns. For example, any time communication is initiated within a FullContact application, we may collect communication metadata including the individual contacted, the time, and the length or duration of the communication. We may similarly collect communication metadata from services you have elected to connect to FullContact, such as email providers. In some cases, communication metadata may be collected directly from a device. We will not process the content of the communication unless you have explicitly asked us to do so (e.g., for purposes of contact extraction).

Appointment Data. If you have connected a calendar or scheduling service to FullContact, we may collect information such as the appointment time, location, duration, and participants.

1.4 Information We Receive from Third Parties.

We may receive information that others provide about you when they use the Services (through Contacts provided to us as described above), or obtain information from other sources, including but not limited to public or licensed APIs (“Public Data”), and combine that with information we collect through the Services. We do not control, supervise, or respond for how the third parties providing your information process your Personal Data.

Analytics. We may collect and allow third parties to collect information about how you use and interact with our Site and Services. Examples of third-party providers of analytics and similar services we currently use include:

Google Analytics and Facebook Analytics. Used to track site statistics and user demographics, interests and behavior on websites. Firebase, another Google service, is used on some of our mobile apps to track the effectiveness of our marketing campaigns and advertisements. We also use Google Search Console to help understand how our website visitors find our websites and to improve our search engine optimization.

Rollbar; Crashlytics (Fabric). Used to help us better understand usage of FullContact’s mobile apps to improve user experience and to identify and resolve the root causes of app crashes. We recommend you read Crashlytics' privacy policy, and Rollbar’s privacy policy for more information about how these services use and process data, including Personal Data.

Third Party Services. If you link, connect, or login to your FullContact Account with a third party service (For Example: Google), the third party service may send us information such as your registration and profile information. This information varies and is controlled by that service or as authorized by you via your privacy settings in that service.

Other Sources. To the extent permitted by applicable law, we may receive additional information about you, such as demographic or interests data, from third party service providers and/or partners, and combine that information with information we have about you. We may receive information about you and your activities whether as part of or outside our Services through partnerships, or about your experiences and interactions from our partner ad networks.

2. HOW WE USE INFORMATION

We use, store, and process information, including Personal Data, to provide, understand, improve, and develop our Services, create and maintain a trusted and safer environment, and comply with our legal obligations.

2.1 Provide, Maintain, and Support the Services

Using the information we collect, we are able to deliver the Services to you and honor our Terms of Use. For example, we may process your Contacts to provide you with the contact management features you select, including but not limited to Contact storage, backup, editing, synchronization, deduplication, search, tagging, sharing, and grouping.

Relationship information may be used for relationship management services including determining, classifying, and ranking relationships, as well as recommending communication actions, appointments, or new connections. Relationship information may also be used to improve certain contact management functions such as deduplication, tagging, and grouping.

We also need to use the information you provide (including Personal Data) to facilitate the creation of and secure your Account on our network, identify you as a user in our system, provide improved administration and quality of experience of our Site and Services, send email, call, or send SMS text messages to you to verify ownership of the email address or phone number provided when your Account was created, send you service, support or maintenance messages, updates, security alerts, and Account notifications. Your information may also be used for the detection and prevention of fraud, spam, abuse, and other harmful activity, and for any purpose you authorize at the time of collection.

Additionally, to provide you technical support, we may need to review your Account and the contents of your Account to identify, research, troubleshoot, and resolve any issues that you report to us or that we otherwise become aware of.

2.2 Improve, Personalize, and Develop the Services

We use the information we collect to improve and personalize the Services and to develop new ones. For example, we use the information to troubleshoot and protect against errors; perform data analysis and testing; conduct research and surveys; and develop new features and services.

We may process your information (including Personal Data) for marketing purposes including profiling and offering you products or services that may be of interest to you (such as information about FullContact Services or partner campaigns and other third party services). We may also administer referral programs, rewards, surveys, sweepstakes, contests, newsletters, or other promotional activities or events sponsored or managed by FullContact or its third party partners. You can opt-out of receiving marketing communications from us by following the unsubscribe instructions included in our marketing communications or changing your notification settings within your FullContact Account.

We may also process your Contacts and relationship information to suggest people for you to invite to use our Services. When you have chosen to send a referral to another individual or organization, we may process your Contacts and relationship information to facilitate your referral invitations.

2.4 Combine Contacts Across Users

By selectively combining your Contacts and relationship information with information from other FullContact users we can provide you and other users with enhanced features and Services. Your Contacts may be combined with other Users’ Contacts, as well as Public Data and other publicly available information and information we receive from third parties, to build more complete contact records of individuals (“Completed Contact Data”). Completed Contact Data reside in the FullContact Database and may be processed for the purposes described in the remainder of this section.

Completed Contact Data may be used to provide you and other Users of our Services with enhanced deduplication. Deduplication is a service that cleans up Contacts by automatically merging duplicate Contact records. The deduplication service relies on making associations between different Contact elements. For example, you might have two Contacts for the same individual in your address book or in your Customer database or file: one Contact that contains just a first name and a phone number, and a second Contact that contains a full name and an email address only. In order to determine whether those two Contacts represent the same individual and should be merged, we look at the Completed Contact Data for that individual. If, in this example, both the phone number and the email address exist within Completed Contact Data for that individual, we may automatically merge (or suggest you to merge) your two Contacts.

In the above example, we may have learned of the linkage between the phone number and email address from publicly available sources. In other cases, we may have been able to infer the linkage or we may have learned the linkage from one or more other Users of our Services who have contributed a Contact that contains those two contact elements together. In this way you are benefiting from information that other Users of our Services have contributed to Completed Contact Data. Similarly, contributing your information to Completed Contact Data benefits other Users of our Services. Relationship information from you and other Users of our Services may also be used in providing enhanced deduplication. For example, the fact that two Contacts in your address book contain the same first name may increase the chances that those Contacts represent the same individual.

Your Contact information may also be combined with other Users of our Services data to provide contact enrichment. In contact enrichment, a User is able to match a Contact that they possess to our Completed Contact Data, and receive back a subset of the contact information from the relevant Completed Contact Data for that individual. For example, we may share an individual’s name to support features including but not limited to caller ID. We also may share public social handles to support Contact Enrichment. Certain professional information including but not limited to business emails, organizational affiliation and job title, that can be inferred or extracted from a business card or email signature, may also be shared. Finally, generalized demographic information such as age range and gender, affinities, unique pseudonymized identifiers (“FullContact ID”), as well as derived general location from a phone number or physical address, may also be shared. We will never share physical addresses, personal phone numbers, personal emails unless you have given us your specific and unequivocal permission to share that information or we have secured the information via pseudonymization (e.g., through cryptographic hashing). We will never share any of your private notes with any other User.

We also use Completed Contact Data to provide Contact Search, such as when an User of our Services wants to retrieve a set of Completed Contact Data based on a set of search criteria. With the exception of the shareable contact elements described above, all contact elements in a Completed Contact are considered private and are not shared with other Users of our Services . However, any contact element (including those private elements) may be used for lookup and matching purposes.

2.5 Creation of Anonymous Data

We may create Anonymous Data records from information by excluding certain private data in a manner that makes the data not personally identifiable. We use this Anonymous Data to analyze request and usage patterns so that we may enhance the content of our Services and improve Site navigation. FullContact reserves the right to use Anonymous Data for any purpose and disclose Anonymous Data to third parties in its sole discretion.

3. HOW INFORMATION IS SHARED

3.1 When You Consent, Agree or Direct Us to Share

You may authorize us to disclose your information to others, such as when you connect a third party application or website to access your FullContact Account, when you participate in promotional activities conducted by FullContact partners or third parties or when you exercise consent as requested in the use of our Services.

3.2 Sharing Between Users

To provide our Services, we may need to share certain information with other Users of our Services , as it is necessary for the adequate performance of the contract between you and us and for performance of certain features of our Services based on our legitimate interest. Examples include, but are not limited to, sharing information through our FullContact for Teams products as well as information contributed to our Database for the purposes of improving the Services for both you and other End Users and Developers (as described in Section 2.4).

Regardless of any choices you make regarding your Personal Data (as described below), FullContact may disclose Personal Data if it believes in good faith that such disclosure is necessary (a) in connection with any legal investigation; (b) to comply with applicable laws, including laws outside your country of residence; (c) to respond to requests from public and government authorities (including authorities outside your country of residence) or to respond to subpoenas or warrants served on FullContact; (d) to protect or defend the rights or property of FullContact and/or that of you or other End Users or Developers; and/or (e) to investigate or assist in preventing any violation or potential violation of the law, this Privacy Policy, or Terms of Use. In addition, under certain applicable laws, individuals may have the right to require that we disclose to them their information (including Personal Data) that we store in our Database. FullContact will make such disclosures required by law, but we will not disclose you as the source of that information unless required by law.

3.4 Service Providers

FullContact uses a variety of third party service providers to help us provide our Services. These Service providers may be located anywhere worldwide in countries outside your country of residence. In particular, currently use service providers based in Europe, India, Asia Pacific and North and South America.

In order to facilitate payments for Services we provide, certain information as described above may be shared with the relevant payments service providers. This data sharing is necessary for the performance of the contract between you and us.

These service providers may have limited access to your information as necessary to perform these services on our behalf, and are contractually bound to protect and to use your information only for the purposes for which it was disclosed and consistent with this Privacy Policy.

FullContact may need to share your information in order to deliver the Services to you and honor our Terms of Use.

3.5 Corporate Affiliates

To enable or support us in providing the Services, we may share your information including Personal Data, in compliance with local data Privacy laws, within our corporate family of companies that are related by common ownership or control.

Sharing with FullContact, Inc. Even if your country of residence is not the United States, your information may be shared with FullContact, Inc. which provides the technical infrastructure for the Services, product development and maintenance, customer support, trust and safety and other business operation services to other FullContact entities.

Sharing with FullContact subsidiaries. Your information may be shared with our wholly owned subsidiaries. The information shared in these circumstances may include Personal Data including but not limited to Contact information.

3.6 Social Media Platforms

Where permissible according to applicable law we may use certain derivative Personal Data about you, such as a cryptographic hash of a personal email and share it with social media platforms, such as Facebook or Google, to generate leads, drive traffic to our Sites or otherwise promote our Services. The social media platforms with which we may share your Personal Data are not controlled or supervised by FullContact. Therefore, any questions regarding how your social media platform service provider processes your Personal Data should be directed to such provider.

Please note that you may, at any time ask FullContact to cease processing your Personal Data for these direct marketing purposes by sending an email to: opt-out@FullContact.com.

3.7 Business Transfers

If FullContact undertakes or is involved in any merger, acquisition, reorganization, sale of assets, bankruptcy, or insolvency event, then we may sell, transfer or share some or all of our assets, including your information, in connection with such transaction, or in preparation for or contemplation of such transaction (e.g., due diligence).

3.8 Aggregated and Anonymized Data

We may also use and share aggregated information (information about our users that we combine together so that it no longer identifies or references an individual user) and other Anonymized Data for any lawful purpose, including (but not limited to) regulatory compliance, industry and market analysis, demographic profiling, marketing and advertising, and other business purposes.

4. DATA RETENTION

We generally retain your information for as long as is necessary for the performance of the Services to you and our other Users and to comply with our legal obligations. This includes information that you have made available to the FullContact Database for the purposes of improving the Services for both you and other Users of our Services (as described in Section 2.4).

You may request that we delete your information and close your FullContact Account or you can delete your End User Contact Data and close your Account on your own. Please note that if you request the deletion of your information or if you delete your information:

We may retain some of your information as necessary for fraud detection and prevention and enhancing safety. For example, if we suspend a FullContact Account for fraud or safety reasons, we may retain certain information from that Account to prevent that user from opening a new FullContact Account in the future.

We may retain and use your information to the extent necessary to comply with our legal obligations. For example, we may keep some of your information for tax, legal reporting, and auditing obligations.

Information you have shared with other systems (e.g., Google) may continue to exist in those systems, and in some cases be publicly visible.

Some copies of your information (e.g., log records) may remain in our Database but are disassociated from personal identifiers.

Because we maintain backup to protect our Services from accidental or malicious loss and destruction, residual copies of your information will be included in backups and may not be removed from our backup systems.

5. THIRD PARTY WEBSITES

When you click on a link to any other website or location, you will leave our Site and go to another site and another entity may collect Personal Data or Anonymous Data from you. We have no control over, do not review, and cannot be responsible for, these outside websites, or the manner in which they collect, use and handle information or content. Please be aware that the terms of this Privacy Policy do not apply to these outside websites or content, or to any collection of data after you click on links to such outside websites.

6. MINORS

Our Services are not intended for or designed to attract anyone under the age of 18 (“Minors”). We don’t intentionally or knowingly collect personal information regarding Minors and our Terms of Use explicitly prohibit the use of our Services by Minors. If a parent or guardian becomes aware that his or her child has provided us with Personal Data without such parent or guardian's consent, he or she should contact us. We will then delete such information from our Database.

7. DATA PROTECTION

7.1 Security

We are continuously implementing and updating appropriate technical and organizational measures to help protect your Personal Data against unauthorized access, loss, destruction, or alteration. Some of the safeguards we use to protect your Personal Data are firewalls and data encryption, and information access controls. If you know or have reason to believe that your account credentials have been lost, stolen, misappropriated, or otherwise compromised or in case of any actual or suspected unauthorized use of your Account, please contact us following the instructions in the “Contact Us” section below.

7.2. Our International Operations and Data Transfers

To bring you our Services, we operate globally. We may transfer, store, and process your information within our family of companies or with service providers based in Europe, India, Asia and North America. Laws in these countries may differ from the laws applicable to your country of residence. For example, information collected within the European Economic Area (the “EEA”) may be transferred, stored, and processed outside of the EEA for the purposes described in this Privacy Policy.

7.3 EU-US and Swiss-US Privacy Shield

FullContact Inc. complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data transferred from the European Union and Switzerland to the United States, respectively. FullContact has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov.

With respect to Personal Data received or transferred pursuant to the Privacy Shield Framework, FullContact is subject to the authority of the Federal Trade Commission. If you have any questions or concerns relating to our Privacy Shield certification, contact us at: FullContact, Inc., Legal Department, 1755 Blake St #450, Denver, CO 80202 or via email privacy@fullcontact.com. If we are not able to resolve your concern, you may also contact our designated Privacy Shield independent dispute resolution provider, BBB EU Privacy Shield. In certain circumstances, you may also have the right to pursue binding arbitration through the Privacy Shield Framework, as described in Annex I to the Privacy Shield Principles.

8. YOUR RIGHTS

8.1 Email Choices

We offer you choices regarding the collection, use, and sharing of your Personal Data. If you are a User of our Services , we may periodically send you free newsletters and emails that promote our Site or Services as well as products or services we think you may be interested in. When you receive such promotional newsletters or communications from us, you may indicate a preference to stop receiving them from us and you will have the opportunity to “opt-out” by following the unsubscribe instructions provided in the email you receive or by contacting us directly. Despite your indicated email preferences, we may send you service related communication, including notices of any updates to our Terms of Use or Privacy Policy.

8.2 Access, Correction, and Deletion

FullContact allows any data subject, including the End Users of our Services, to access, modify, and set permissions with respect to Personal Data that it holds about them. You and any data subject may access and make corrections and choices about their Personal Data by choosing “Own Your Personal Data” on the FullContact Site.

Please note however that, if you request that we delete your Personal Data, we will not do so to protect your rights and freedoms because, if we do, another user may later upload your contact information and we will not have a record that you requested that your contact information be deleted. Instead of deleting your End User Contact Data from the FullContact Database, we will retain it but flag it, restrict any further processing and not use or share it with any third parties. Finally, FullContact provides you with the ability to export your Personal Data, End User Contact Data or Completed Contact Data from some of our Services at any time using industry standard formats.

8.3 California Privacy Rights

California’s “Shine the Light” law, Civil Code section 1798.83, requires certain businesses that share customer personal information with third parties for the third parties’ direct marketing purposes to respond to requests from California customers asking about the businesses’ practices related to such information-sharing. Alternately, such businesses may have in place a policy not to disclose a customer’s personal information to third parties for the third parties’ direct marketing purposes if the customer has exercised an option to opt-out of such information-sharing. We have such a policy in place. As described in Section 8.2 of the Privacy Policy, you can opt-out of our sharing of your personal information with anyone (including with third parties for the third parties' direct marketing purposes) by clicking on the “Own Your Personal Data” in that section of our Privacy Policy and choosing to "Do Not Share". To find out more about your opt-out rights, please contact us at the address listed in Section 11 of the Privacy Policy. Please note that under California law businesses are only required to respond to a customer making such a request once during any calendar year.

9. YOUR RIGHTS UNDER THE GDPR

In the Use of our Services we mainly act as data processor and, in some cases, we may act as data controller when we determine the purposes and means of the processing of Personal Data.

EEA residents may exercise any of the rights described in this section by using the applicable functionality in our Services or by contacting us directly. If you reside outside of the European Union, you may have similar rights under your local laws. Please note that we may ask you to verify your identity before taking action on your request.

9.1 Purposes and Legal Basis for Processing.

The purposes for processing are described in detail in Section 2 ("HOW WE USE INFORMATION"). In the Use of our Services when we act as data controller the legal basis for processing is as follows:

Provide and Maintain the Services (Section 2.1): This enables us to deliver the Services to you and honor our Terms of Use in the performance of a contract.

Improve, Personalize, and Develop the Services (Section 2.2): This use is based on our Legitimate Interest in improving our services for you and other users.

Provide, Personalize, Measure, and Improve our Advertising and Marketing (Section 2.3): This use is based on our Legitimate Interest in marketing our Services.

Combine Contacts and Relationship Information Across Users (Section 2.4): This use is necessary to deliver certain Services to you and is based on your explicit Consent.

Creation of Anonymous Data (Section 2.5): This use is based on our Legitimate Interests to improve and market our Services.

9.2 Categories of Recipients of Data.

Recipients of data are detailed in Section 3 ("HOW INFORMATION IS SHARED").

9.3 Rectification of Inaccurate or Incomplete Information.

You have the right to ask us to correct inaccurate or incomplete Personal Data concerning you (and which you cannot update yourself within your FullContact Account).

9.4 Data Access and Portability.

In some jurisdictions, applicable law may entitle you to request copies of your Personal Data held by us. You may also be entitled to request copies of Personal Data that you have provided to us in a structured, commonly used, and machine-readable format and/or request us to transmit this information to another service provider (where technically feasible).

9.5 Withdrawing Consent and Restriction of Processing.

Where you have provided your consent to the processing of your Personal Data by FullContact you may easily withdraw your consent at any time specifying which consent you are withdrawing. Please note that the withdrawal of your consent does not affect the lawfulness of any processing activities based on such consent before its withdrawal. Additionally, in some jurisdictions, applicable law may give you the right to limit the ways in which we use your Personal Data, in particular where (i) you contest the accuracy of your Personal Data; (ii) the processing is unlawful and you oppose the erasure of your Personal Data; (iii) we no longer need your Personal Data for the purposes of the processing, but you require the information for the establishment, exercise or defence of legal claims; or (iv) you have objected to the processing pursuant to Section 9.2.6 below (“Objection to Processing”) and pending the verification whether the legitimate grounds of FullContact override your own.

9.6 Objection to Processing.

In some jurisdictions, applicable law may entitle you to require FullContact not to process your Personal Data for certain specific purposes, where such processing is based on legitimate interest. If you object to such processing we will no longer process your Personal Data for these purposes unless we can demonstrate compelling legitimate grounds for such processing or such processing is required for the establishment, exercise, or defence of legal claims.

Where your Personal Data is processed for direct marketing purposes, you may, at any time, ask us to cease processing your Personal Data for these direct marketing purposes by sending an email to: opt-out@fullcontact.com.

9.7 Lodging Complaints.

You have the right to lodge complaints about the data processing activities carried out by us before the competent data protection authorities. If you are a EEA resident, you have the right to file a complaint with your applicable data protection authority.

10. CHANGES TO THIS PRIVACY POLICY

This Privacy Policy is subject to occasional revision, and if we make any material changes in the way we use your Personal Data, we will notify you by sending you an email to the last email address associated with your Account, and/or by prominently posting notice of the changes on our Site. If any changes materially affect the manner in which we use or disclose Personal Data, we will provide advance notice of the change by email to the last email address associated with your Account, and/or by prominently posting notice of the changes on our Site. Continued use of our Site or Service, following notice of such changes shall indicate your acknowledgement of such changes and agreement to be bound by the terms and conditions of such changes.

EU-US Privacy Shield Certification

The following information aligns Fullcontact Privacy Statement with the specific points required by the Privacy Shield self-certification process, and ensures Fullcontact's compliance with the EU-US Privacy Shield Framework.

FullContact complies with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries. FullContact has certified that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. If there is any conflict between the policies in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov

In compliance with the EU-US Privacy Shield Principles, FullContact commits to resolve complaints about your privacy and our collection or use of your personal information. European Union individuals with inquiries or complaints regarding this privacy policy should first contact the dedicated FullContact compliance team at: Compliance@FullContact.com

FullContact has further committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus.

FullContact subsidiaries also adhering to the Privacy Shield Principles:

CoBook SIA (a Latvian Company)

nGame Inc. (a Delaware Company)

FullContact International, LLC (a Delaware Company)

Types of information covered by Fullcontact Privacy Policy:

Note differences in this policy regarding the term “human resources data”. Human Resources Data refers to personal data about employees, past or present, collected in the context of the employment relationship. Information other than Human Resources data includes the following: customer, client, visitor, and clinical trial data.

Purposes for which FullContact collects and processes personal data in reliance on the Privacy Shield:

General Use. In general, Personal Data you submit to us is used either to respond to requests that you make, or to aid us in serving you better. We use your Personal Data in the following ways:

facilitate the creation of and secure your account on our network;

identify you as a user in our system;

provide improved administration and quality of experience of our Site and Services;

provide the Services you request;

send you a welcome email to verify ownership of the e-mail address provided when your account was created;

send you administrative e-mail notifications, such as security or support and maintenance advisories;

respond to your inquiries related to employment opportunities or other requests; and

send newsletters, surveys, offers, and other promotional materials related to our Services and for other marketing purposes of FullContact.

Creation of Anonymous Data. We may create Anonymous Data records from Personal Data by excluding information (such as your name) that makes the data personally identifiable to you. We use this Anonymous Data to analyze request and usage patterns so that we may enhance the content of our Services and improve Site navigation. FullContact reserves the right to use Anonymous Data for any purpose and disclose Anonymous Data to third parties in its sole discretion.

Disclosure of Your Personal Data. We disclose your Personal Data, End User Contact Data and Completed Contact Data as described below and as described elsewhere in this Privacy Policy. In cases of onward transfer to third parties of data of EU individuals received pursuant to the EU-US Privacy Shield, FullContact is potentially liable.

Third Party Service Providers. We may share your Personal Data with third party service providers to: provide you with the Services that we offer you through our Site; to conduct quality assurance testing; to facilitate creation of accounts; to provide technical support; and/or to provide other services to FullContact. These third party service providers are required not to use your Personal Data other than to provide the services requested by FullContact. FullContact requires its service providers to whom it discloses Personal Data and who are not subject to the laws based on the EU Data Protection Directive 95/46 or Swiss Federal Data Protection law to either (i) subscribe to the Privacy Shield principles or (ii) contractually agree to provide at least the same level of protection for Personal Data as is required by the relevant Privacy Shield principles.

Affiliates and Acquisitions. We may share some or all of your Personal Data with our parent company, subsidiaries, joint ventures, or other companies under a common control (“Affiliates”), in which case we will require our Affiliates to honor this Privacy Policy. If another company acquires our company, business, or our assets, that company will possess the Personal Data collected by us and will assume the rights and obligations regarding your Personal Data as described in this Privacy Policy.

Other Disclosures. Regardless of any choices you make regarding your Personal Data (as described below), FullContact may disclose Personal Data if it believes in good faith that such disclosure is necessary (a) in connection with any legal investigation; (b) to comply with relevant laws or to respond to subpoenas or warrants served on FullContact; (c) to protect or defend the rights or property of FullContact or users of the Services; and/or (d) to investigate or assist in preventing any violation or potential violation of the law, this Privacy Policy, or Terms of Use. FullContact may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.

Developers. Developers may want access to Personal Data (including End User Contact Data) that we collect from their customers. As a result, we may provide your Personal Data to Developers; however (and in accordance with California’s “Shine the Light” Act codified at Civil Code section 1798.83), we will cease any further disclosure of your Personal Data to Developers for their own direct marketing purposes if you “opt-out” by contacting us as described in Section 13 below. If you wish to discontinue receipt of these e-mails, please contact the applicable Developer directly to update your preferences. The privacy policies of the Developers may apply to the use and disclosure of your Personal Data that we collect and disclose to such Developers. We contractually require Developers to not, and to require their customers to not, use such data for the purposes of cookie tracking, ad exchanges, ad networks, data brokerages, and sending electronic communications (including email) in violation of applicable law. FullContact requires Developers to whom it discloses Personal Data and who are not subject to the laws based on the EU Data Protection Directive 95/46 or Swiss Federal Data Protection law to either (i) subscribe to the Privacy Shield principles or (ii) contractually agree to provide at least the same level of protection for Personal Data as is required by the relevant Privacy Shield principles.

User's RIGHT to access their data:

FullContact takes privacy, trust and the management of personal information very seriously. Our link to manage your publically available contact information is here - Own Your Personal Data. Through this interface a user can;

Control and promote your single online identity

Control the information that others see about you

Correct data that is no longer valid

Opt out completely and remove the public information that we have for your contact record

FullContact’s independent recourse mechanism:

FullContact’s SOC 2 Audits are performed by KirkPatrickPrice, CPA firm, who can be contacted online at www.KirkPatrickPrice.com

Federal Trade Commission will serve as the statutory body and has jurisdiction to investigate claims against FullContact regarding possible unfair or deceptive practices and violations of laws or regulations covering privacy.

FullContact’s annual revenue as of August 1st, 2016 is between $5-25 Million

FullContact’s industry sector is “Technology”

FullContact currently employs between 100-250 people

FullContact Terms of Use

Updates to our Terms of Use and Privacy Policy

We believe you should always know what data we collect from you and how we use it, and that you should have meaningful control over both. As part of our commitment to transparency, we’re updating our Privacy Policy to empower you to make the best decisions about the information that you share with us.

These updates will take effect on May 25, 2018. By using our services on or after that date, you’ll be agreeing to these revisions. You should read the documents in full, but the key updates in our Privacy Policy include:

More focus on the controls we offer you over your personal data;

More transparency and control over how we use and share your data;

If you are a resident of EEA you can use the controls in our updated policy to limit the information we collect about you or how we use it.

FullContact Inc. ("FullContact", "us", or "we") operates a number of websites including fullcontact.com, rainmaker.cc and whosent.it (each a "Site") which are copyrighted works. FullContact provides a service to update contact information (collectively, including the FullContact Apps and API, the "Services"). More specifically, FullContact provides plug-ins (e.g., for gmail or outlook) and smart phone apps (e.g., for iPhone) for end users to improve their contact information ("FullContact Apps"). FullContact also provides an API (as defined below) for developers ("Developers") to create Developer Apps (as defined below). This Agreement applies to both Developers and End Users. As used herein, "End User" means an end user of a Site, a Developer App, or a FullContact App. Certain features of the Services or Site may be subject to additional guidelines, terms, or rules, which will be posted on the Service or Site in connection with such features. All such additional terms, guidelines, and rules are incorporated by reference into this Agreement.

These Terms of Use ("Agreement") sets forth the legally binding terms for your use of the Site and Services. By accessing or using the Site or Services, you are accepting this Agreement (on behalf of yourself or the entity that you represent) and you represent and warrant that you have the right, authority, and capacity to enter into this Agreement (on behalf of yourself or the entity that you represent). You may not access or use the Site or Services or accept the Agreement if you are not at least 18 years old. If you do not agree with all of the provisions of this Agreement, do not access and/or use the Site or Services.

1. Accounts

In order to use certain features of the Site or Services (e.g., if you are a Developer), you must register for an account with FullContact ("Account") and provide certain information about yourself as prompted by the registration form. In addition, you may voluntarily choose to create a FullContact Account. You represent and warrant that: (a) all required registration information you submit is truthful and accurate; (b) you will maintain the accuracy of such information. You may delete your Account at any time, for any reason, by following the instructions on the Site. FullContact may suspend or terminate your Account in accordance with Section 9. You are responsible for maintaining the confidentiality of your Account login information and are fully responsible for all activities that occur under your Account. You agree to immediately notify FullContact of any unauthorized use, or suspected unauthorized use of your Account or any other breach of security. FullContact cannot and will not be liable for any loss or damage arising from your failure to comply with the above requirements.

2. Licenses

Site License. Subject to the terms of this Agreement, FullContact grants you a non-transferable, non-exclusive, license to use the Site for your personal, noncommercial use.

FullContact App License. If you are an End User, subject to the terms of this Agreement, FullContact grants you a non-transferable, non-exclusive, license to use the FullContact App for your personal, noncommercial use.

Completed Contact Data License. If you are an End Users, subject to the terms of this Agreement, FullContact grants you a non-transferable, non-exclusive, license to use the Completed Contact Data (defined below) you received through your use of a FullContact App or Developer App, for your personal, noncommercial use.

API License. If you are a Developer, please see the API License Addendum attached hereto and incorporated herein by this reference.

Certain Restrictions.

Except as set forth in the API License Addendum, the rights granted to you in this Agreement are subject to the following restrictions: (A) you shall not license, sell, rent, lease, transfer, assign, distribute, host, or otherwise commercially exploit the Site or Services; (B) you shall not modify, make derivative works of, disassemble, reverse compile or reverse engineer any part of the Site or Services; (C) you shall not access the Site or Services in order to build a similar or competitive service; and (D) except as expressly stated herein, no part of the Site or Services may be copied, reproduced, distributed, republished, downloaded, displayed, posted or transmitted in any form or by any means; (E) use the API or any Completed Contact Data for purposes of monitoring the availability, functionality or performance of any part of the Site or the Services for any competitive purpose or for any other benchmarking or competitive purpose. Any future release, update, or other addition to functionality of the Site or Services shall be subject to the terms of this Agreement. All copyright and other proprietary notices on any Site or Services content must be retained on all copies thereof.

You acknowledge and agree that: (A) Completed Contact Data has not been collected for, and is not intended to be indicative of, any person's employability, credit worthiness, credit standing, credit capacity, or other characteristics related to such person's manner or mode of living, as listed in Section 603(d) of the Fair Credit Reporting Act ("FCRA"), 15 USC Section 1681a; and (B) you shall not use any Completed Contact Data as a factor in establishing any person’s eligibility for (1) credit or insurance used primarily for personal, family or household purposes, (2) employment purposes, or (3) other purposes authorized under Section 604 of the FCRA, 15 USC Section 1681b or any similar statute.

You may not upload any debit or credit card information, bank account information, social security number, driver’s license information, or government ID information. FULLCONTACT WILL NOT HAVE ANY OBLIGATION TO MAINTAIN THE CONFIDENTIALITY OR SECURITY OF SUCH INFORMATION.

Modification. FullContact reserves the right, at any time, to modify, suspend, or discontinue the Site or Services or any part thereof with or without notice. You agree that FullContact will not be liable to you or to any third party for any modification, suspension, or discontinuance of the Site or Services or any part thereof.

No Support or Maintenance. You acknowledge and agree that FullContact will have no obligation to provide you with any support or maintenance in connection with the Site or Services.

3. End User Contact Data

End User Contact Data. If you are an End User, when you use a Site, a FullContact App or Developer App, we may collect End User Contact Data from you (as described in the Privacy Policy). If you are a Developer, when your End Users use your Developer App, we may collect End User Contact Data from your End Users. As used in this Agreement, "your End User Contact Data" means End User Contact Data we collect from you if you are an End User or End User Contact Data we collect from your End Users if you are a Developer. We may combine End User Contact Data with information we collect from third party sources to create Completed Contact Data (as defined in the Privacy Policy). You are solely responsible for your End User Contact Data. You hereby represent and warrant that your End User Contact Data, and providing us your End User Contact Data to use and disclose in accordance with our Privacy Policy, does not violate any third-party rights, including any privacy rights, or any laws, regulations, or obligations imposed by any third party. FullContact is not obligated to backup your End User Contact Data and your End User Contact Data may be deleted at any time. You are solely responsible for creating backup copies of your End User Contact Data if you desire.

License. You hereby grant, and you represent and warrant that you have the right to grant, to FullContact an irrevocable, perpetual, nonexclusive, royalty-free and fully paid, worldwide license to “process” (meaning to perform any activity, including reproduce, distribute, publicly display and perform, prepare derivative works of, incorporate into other works, disclose, and otherwise use) your End User Contact Data, solely to the extent necessary to perform the Services in accordance with the FullContact Privacy Policy.

Enforcement. We reserve the right (but have no obligation) to review your End User Contact Data, investigate, and/or take appropriate action against you in our sole discretion if you violate this Agreement or otherwise create liability for us or any other person. Such acts may include removing or modifying your End User Contact Data, terminating your Account in accordance with Section 9, and/or reporting you to law enforcement authorities.

4. Ownership

"Intellectual Property Rights" means all present and future worldwide copyrights, trademarks, trade secrets, patents, patent applications, mask work rights, moral rights, contract rights, and other proprietary rights recognized by the laws of any country. You acknowledge that the Site and Services (and all Intellectual Property Rights therein) are owned by FullContact or FullContact’s licensors. Subject to FullContact’s rights in the API, the Developer App (and all worldwide Intellectual Property Rights therein) are the exclusive property of Developer and its licensors. FullContact and its licensors reserve all rights not granted in this Agreement. FullContact does not license to Developer any rights to any FullContact trademark, trade name, or logo. The provision of the Site and Services does not transfer to you or any third party any rights, title or interest in or to any or all Intellectual Property Rights therein.

If you provide FullContact any feedback or suggestions regarding the Site or Services ("Feedback"), you hereby assign to FullContact all rights in the Feedback and agree that FullContact shall have the right to use such Feedback and related information in any manner it deems appropriate. FullContact will treat any Feedback you provide to FullContact as non-confidential and non-proprietary. You agree that you will not submit to FullContact any information or ideas that you consider to be confidential or proprietary.

5. Indemnity

You agree to indemnify and hold FullContact (and its officers, employees, and agents) harmless, including costs and attorneys’ fees, from any claim or demand made by any third party due to or arising out of (a) your use of the Site or Services, (b) your End User Contact Data, (c) your violation of this Agreement; (d) your violation of applicable laws or regulations (including any privacy laws), and (e) if you are a Developer, your Developer App. FullContact reserves the right, at your expense, to assume the exclusive defense and control of any matter for which you are required to indemnify us and you agree to cooperate with our defense of these claims. You agree not to settle any matter without the prior written consent of FullContact. FullContact will use reasonable efforts to notify you of any such claim, action or proceeding upon becoming aware of it.

6. Third Party Sites & Ads; Developers

Third Party Sites & Ads. The Site might contain links to third party websites, services, and advertisements for third parties (collectively, “Third Party Sites & Ads”). Such Third Party Sites & Ads are not under the control of FullContact and FullContact is not responsible for any Third Party Sites & Ads. FullContact provides these Third Party Sites & Ads only as a convenience and does not review, approve, monitor, endorse, warrant, or make any representations with respect to Third Party Sites & Ads. You use all Third Party Sites & Ads at your own risk. When you link to a Third Party Site & Ad, the applicable third party’s terms and policies apply, including the third party’s privacy and data gathering practices. You should make whatever investigation you feel necessary or appropriate before proceeding with any transaction in connection with such Third Party Sites & Ads.

Developers. Each Developer is solely responsible for any and all of its Developer Apps. Because we do not control Developers or their Developer Apps, you acknowledge and agree that we are not responsible for any Developers or their Developer Apps and we make no guarantees regarding the accuracy, currency, suitability, or quality of any Developers or their Developer Apps, and we assume no responsibility for any Developers or their Developer Apps. Your interactions with Developers or their Developer Apps are solely between you and such Developer. You agree that FullContact will not be responsible for any loss or damage incurred as the result of any such interactions. If there is a dispute between you and any Developer, we are under no obligation to become involved.

Release. You hereby release and forever discharge us (and our officers, employees, agents, successors, and assigns) from, and hereby waive and relinquish, each and every past, present and future dispute, claim, controversy, demand, right, obligation, liability, action and cause of action of every kind and nature (including personal injuries, death, and property damage), that has arisen or arises directly or indirectly out of, or relates directly or indirectly to, any interactions with, or act or omission of, Developers, Developer Apps or Third Party Sites & Ads. IF YOU ARE A CALIFORNIA RESIDENT, YOU HEREBY WAIVE CALIFORNIA CIVIL CODE SECTION 1542 IN CONNECTION WITH THE FOREGOING, WHICH STATES: “A GENERAL RELEASE DOES NOT EXTEND TO CLAIMS WHICH THE CREDITOR DOES NOT KNOW OR SUSPECT TO EXIST IN HIS OR HER FAVOR AT THE TIME OF EXECUTING THE RELEASE, WHICH IF KNOWN BY HIM OR HER MUST HAVE MATERIALLY AFFECTED HIS OR HER SETTLEMENT WITH THE DEBTOR.”

7. Disclaimers

THE SITE AND SERVICES (INCLUDING THE COMPANY APP, API, AND Completed Contact Data) ARE PROVIDED “AS-IS” AND “AS AVAILABLE” AND WE (AND OUR SUPPLIERS) EXPRESSLY DISCLAIM ANY WARRANTIES AND CONDITIONS OF ANY KIND, WHETHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OR CONDITIONS OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, QUIET ENJOYMENT, ACCURACY, OR NON-INFRINGEMENT. WE (AND OUR SUPPLIERS) MAKE NO WARRANTY THAT THE SITE OR SERVICES (INCLUDING THE COMPANY APP, API, AND Completed Contact Data): (A) WILL MEET YOUR REQUIREMENTS; (B) WILL BE AVAILABLE ON AN UNINTERRUPTED, TIMELY, SECURE, OR ERROR-FREE BASIS; OR (C) WILL BE ACCURATE, RELIABLE, FREE OF VIRUSES OR OTHER HARMFUL CODE, COMPLETE, LEGAL, OR SAFE.

SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES, SO THE ABOVE EXCLUSION MAY NOT APPLY TO YOU.

8. Limitation on Liability

IN NO EVENT SHALL WE (AND OUR SUPPLIERS) BE LIABLE TO YOU OR ANY THIRD PARTY FOR ANY LOST PROFIT OR ANY INDIRECT, CONSEQUENTIAL, EXEMPLARY, INCIDENTAL, SPECIAL OR PUNITIVE DAMAGES ARISING FROM OR RELATING TO THIS AGREEMENT OR YOUR USE OF, OR INABILITY TO USE, THE SITE OR SERVICES (INCLUDING THE COMPANY APP, API, AND Completed Contact Data), EVEN IF WE HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. ACCESS TO, AND USE OF, THE SITE AND SERVICES (INCLUDING THE COMPANY APP, API, AND Completed Contact Data) ARE AT YOUR OWN DISCRETION AND RISK, AND YOU WILL BE SOLELY RESPONSIBLE FOR ANY DAMAGE TO YOUR COMPUTER SYSTEM OR LOSS OF DATA RESULTING THEREFROM.

NOTWITHSTANDING ANYTHING TO THE CONTRARY CONTAINED HEREIN, OUR LIABILITY TO YOU FOR ANY DAMAGES ARISING FROM OR RELATED TO THIS AGREEMENT, THE SITE, OR SERVICES (INCLUDING THE COMPANY APP, API, AND Completed Contact Data) (FOR ANY CAUSE WHATSOEVER AND REGARDLESS OF THE FORM OF THE ACTION), WILL AT ALL TIMES BE LIMITED TO THE GREATER OF (A) FIFTY US DOLLARS ($50) OR (B) AMOUNTS YOU’VE PAID COMPANY IN THE PRIOR 12 MONTHS (IF ANY). THE EXISTENCE OF MORE THAN ONE CLAIM WILL NOT ENLARGE THIS LIMIT. YOU AGREE THAT OUR SUPPLIERS WILL HAVE NO LIABILITY OF ANY KIND ARISING FROM OR RELATING TO THIS AGREEMENT, THE SITE, OR SERVICES (INCLUDING THE COMPANY APP, API, AND Completed Contact Data).

SOME JURISDICTIONS DO NOT ALLOW THE LIMITATION OR EXCLUSION OF LIABILITY FOR INCIDENTAL OF CONSEQUENTIAL DAMAGES, SO THE ABOVE LIMITATION OR EXCLUSION MAY NOT APPLY TO YOU.

9. Term and Termination

Subject to this Section, this Agreement will remain in full force and effect while you use the Site or Services. We may (a) suspend your rights to use the Site and/or Services (including your Account) or (b) terminate this Agreement, at any time for any reason at our sole discretion, including for any use of the Site or Services in violation of this Agreement. Upon termination of this Agreement, your Account and right to access and use the Site and Services will terminate immediately. Even after this Agreement is terminated, the following provisions of this Agreement will remain in effect: Sections 2.5 – 2.7, and 4–10.

10. General

Changes to Terms of Use. This Agreement is subject to occasional revision, and if we make any substantial changes, we may notify you by sending you an e-mail to the last e-mail address you provided to us (if any) and/or by prominently posting notice of the changes on our Site. Any changes to this agreement will be effective upon the earlier of thirty (30) calendar days following our dispatch of an e-mail notice to you (if applicable) or thirty (30) calendar days following our posting of notice of the changes on our Site. These changes will be effective immediately for new users of our Site or Services. You are responsible for providing us with your most current e-mail address. In the event that the last e-mail address that you have provided us is not valid, or for any reason is not capable of delivering to you the notice described above, our dispatch of the e-mail containing such notice will nonetheless constitute effective notice of the changes described in the notice. Continued use of our Site or Services following notice of such changes shall indicate your acknowledgement of such changes and agreement to be bound by the terms and conditions of such changes.

Arbitration Agreement And Jury Trial Waiver, Class Action Waiver, And Forum Selection Clause. All controversies, disputes, demands, counts, claims, or causes of action between you and FullContact arising out of, under, or related in any way to this Agreement or our privacy practices, shall exclusively be settled through binding arbitration.

Arbitration shall be subject to the Federal Arbitration Act and not any state arbitration law. The arbitration shall be conducted before one commercial arbitrator with substantial experience in resolving commercial contract disputes from the American Arbitration Association (“AAA”). As modified by this Agreement, and unless agreed upon by the parties in writing, the arbitration will be governed by the AAA’s Commercial Arbitration Rules and, if the arbitrator deems them applicable, the Supplementary Procedures for Consumer Related Disputes (collectively “Rules and Procedures”).

You are thus GIVING UP YOUR RIGHT TO GO TO COURT to assert or defend your rights under this contract EXCEPT for matters that may be taken to small claims court. Your rights will be determined by a NEUTRAL ARBITRATOR and NOT a judge or jury. You are entitled to a FAIR HEARING, BUT the arbitration procedures are SIMPLER AND MORE LIMITED THAN RULES APPLICABLE IN COURT. Arbitrator decisions are as enforceable as any court order and are subject to VERY LIMITED REVIEW BY A COURT.

You and FullContact must abide by the following rules: (a) for any claim that could otherwise be brought in small claims court, the arbitration shall be conducted solely based on written submissions and, if the arbitrator deems it appropriate, a telephonic hearing; (b) if the claim exceeds what can be recovered in a small claims court, the arbitration shall be conducted solely based on written submissions or a telephonic hearing, unless the arbitrator deems a face-to-face hearing is appropriate, in which case one should be held at a location agreed to by you and FullContact, and if the parties cannot agree on a location for the hearing, the arbitrator will determine a location for the proceedings which is reasonably convenient to both parties with due consideration of their ability to travel and other pertinent circumstances; (c) the arbitrator’s ruling is binding and not merely advisory; (d) ANY CLAIMS BROUGHT BY YOU OR FULLCONTACT MUST BE BROUGHT IN THE PARTIES’ INDIVIDUAL CAPACITY, AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS OR REPRESENTATIVE PROCEEDING; (e) THE ARBITRATOR MAY NOT CONSOLIDATE MORE THAN ONE PERSON’S CLAIMS, AND MAY NOT OTHERWISE PRESIDE OVER ANY FORM OF A REPRESENTATIVE OR CLASS PROCEEDING, (f) in the event that you are able to demonstrate that the costs of arbitration will be prohibitive as compared to costs of litigation, FullContact will pay as much of your filing and hearing fees in connection with the arbitration as the arbitrator deems necessary to prevent the arbitration from being cost-prohibitive as compared to the cost of litigation, (g) FullContact also reserves the right in its sole and exclusive discretion to assume responsibility for all of the costs of the arbitration; (h) the arbitrator shall honor claims of privilege and privacy recognized at law; (i) a decision by the arbitrator (including any finding of fact and/or conclusion of law) against either you or FullContact shall be confidential unless otherwise required to be disclosed by law or by any administrative body and may not be collaterally used against either of them in existing or subsequent litigation or arbitration involving any other person/FullContact customer; and (j) each side pays its own attorneys’ fees and expenses unless there is a statutory provision that requires the prevailing party to be paid its fees’ and litigation expenses.

Notwithstanding the foregoing, either you or FullContact may bring an individual action in small claims court. In addition, if you are a user outside of the United States, Section 11(b) of the Privacy Policy (Dispute Resolution for Users Outside of the United States), and not this arbitration provision, shall apply to any disputes related to privacy. Further, claims of defamation, violation of the Computer Fraud and Abuse Act, and infringement or misappropriation of the other party’s patent, copyright, trademark, or trade secret shall not be subject to this arbitration provision. Such claims shall be exclusively brought (unless such courts do not have personal jurisdiction in the dispute) in the state courts located in Douglas County, Colorado or the federal courts located in Denver County, Colorado. Additionally, notwithstanding this arbitration provision, either party may seek emergency equitable relief before such courts in order to maintain the status quo pending the arbitrator’s ruling, and hereby agree to submit to the personal jurisdiction of such courts. A request for interim measures shall not be deemed a waiver of the right to arbitrate.

With the exception of subparts (d) and (e) in the paragraph above (prohibiting arbitration on a class or collective basis), if any part of this arbitration provision is deemed to be invalid, unenforceable or illegal, or otherwise conflicts with the Rules and Procedures, then the balance of this arbitration provision shall remain in effect and shall be construed in accordance with its terms as if the invalid, unenforceable, illegal or conflicting provision were not contained herein. If, however, either subpart (d) or (e) is found to be invalid, unenforceable or illegal, then the entirety of this arbitration provision shall be null and void, and neither You nor FullContact shall be entitled to arbitration. In the event this arbitration provision is held unenforceable by a court, or in the event AAA refuses to arbitrate the dispute, all controversies, disputes, demands, counts, claims, or causes of action between you and FullContact shall be exclusively brought in the state or federal courts specified in subsection “(d)” above.

For more information on AAA, its Rules and Procedures, and how to file an arbitration claim, you may call AAA at 800-778-7879 or visit the AAA website at https://www.adr.org.

Choice of Law. The Terms of Use is made under and shall be governed by and construed in accordance with the laws of the State of Colorado, consistent with the Federal Arbitration Act, without giving effect to any principles that provide for the application of the law of another jurisdiction.

Entire Agreement. This Agreement constitutes the entire agreement between you and us regarding the use of the Site and Services. Our failure to exercise or enforce any right or provision of this Agreement shall not operate as a waiver of such right or provision. The section titles in this Agreement are for convenience only and have no legal or contractual effect. The word including means including without limitation. If any provision of this Agreement is, for any reason, held to be invalid or unenforceable, the other provisions of this Agreement will be unimpaired and the invalid or unenforceable provision will be deemed modified so that it is valid and enforceable to the maximum extent permitted by law. FullContact will not be liable for any delay or non-performance of its obligations under this Agreement due to any cause beyond its control. Your relationship to FullContact is that of an independent contractor, and neither party is an agent or partner of the other. This Agreement, and your rights and obligations herein, may not be assigned, subcontracted, delegated, or otherwise transferred by you without FullContact’s prior written consent, and any attempted assignment, subcontract, delegation, or transfer in violation of the foregoing will be null and void. The terms of this Agreement shall be binding upon assignees. There are no third party beneficiaries of this Agreement.

API License Addendum

This API License Addendum (“Addendum”) applies to Developers and is incorporated by reference into the Terms of Use (“Agreement”).

Definitions. As used in this Addendum:

“API” means the software program or programs in source code or executable code form, any documentation provided therewith, and any modified, updated, or enhanced versions of such items that FullContact provides to Developer pursuant to this Addendum. For the avoidance of doubt, the API is deemed part of the “Service” (as defined above).

“API Key” means the code provided by FullContact that permits Developer to access the API.

“Developer App” means a plug-in or other software application that is (i) developed by or for Developer to improve contact information through use of the Service and/or the API, and (ii) complies with the requirements of this Agreement and any restrictions described in the FullContact Privacy Policy.

License.

Grant. Subject to the terms and conditions of this Addendum, FullContact grants to Developer a limited, non-exclusive, non-transferable, license to: (i) internally use the API Key to access the API, (ii) internally use, perform, display, reproduce the API solely as necessary to develop, maintain and support the Developer App, in accordance with the specifications included in the API; (iii) provided that the Developer App complies with all requirements in this Agreement, reproduce and distribute copies of the API (in its original form or as modified), in executable code form only, solely as incorporated into the Developer App to End Users pursuant to a binding written agreement that contains terms no less restrictive than the Minimum EULA Terms set forth below; and (iv) distribute Completed Contact Data through the Developer App to End Users.

Restrictions. Developer acknowledges that the API and its structure, organization, and source code constitute valuable trade secrets of FullContact and its suppliers. Accordingly, Developer agrees not to disclose, distribute, sublicense, lease, rent, loan, resell or otherwise transfer the data received from the Service or API, the Service or API (other than those elements incorporated into the Developer App) or the API Key to any third party. Developer must reproduce, on all copies made by or for Developer, and must not remove, alter, or obscure in any way all proprietary rights notices (including copyright notices) of FullContact or its suppliers on or within the copies of the API. Developer will immediately notify FullContact if Developer becomes aware of any material breach relating to the API.

Data Restrictions. Developer will not, and will require any and all third parties to which it provides any data from the Service or the API (“Data Recipients”) to not, use such data for the purposes of cookie tracking, ad exchanges, ad networks, data brokerages, sending electronic communications (including email) in violation of applicable law, or any other activity or purpose identified as prohibited by FullContact in any communication sent to Developer. If FullContact informs Developer that a specified activity or purpose is prohibited, Developer will ensure that any and all Data Recipients immediately cease processing of any such data for the prohibited activity or purpose. If Developer is not subject to the laws based on the EU Data Protection Directive 95/46 or Swiss Federal Data Protection law, Developer hereby agrees to either (i) subscribe to the Safe Harbor principles or (ii) contractually agree to provide at least the same level of protection for Personal Data as is required by the relevant Safe Harbor principles. Strict compliance with this section is a condition of the license in this Agreement and a material requirement of this Agreement.

Developer Apps.

Submission. If requested by FullContact, Developer will submit to FullContact each Developer App that Developer distributes or plans to distribute, in accordance with the instructions on FullContact’s website. Developer grants to FullContact a non-exclusive license to internally use, perform, display, reproduce, modify, and create derivative works of the Developer App to evaluate the Developer App during the term of this Addendum. FullContact may, at any time and in its sole discretion, notify Developer that Developer may no longer distribute a Developer App until such Developer App meets conditions specified by FullContact. Upon receipt of such notice, Developer shall promptly cease distribution of the Developer App until the Developer App meets such conditions, in FullContact’s judgment.

App Policy. Developer is solely responsible and liable for the Developer App. Developer is solely responsible for supporting the Developer App. The Developer App must comply with the following (the “App Policy”): the Developer App may not (i) violate any third-party right, including any copyright, trademark, patent, trade secret, moral right, privacy right, right of publicity, or any other intellectual property or proprietary right; (ii) violate any laws or regulations (including any privacy laws) or any obligations or restrictions imposed by any third party; (iii) be unlawful, harassing, abusive, tortious, threatening, harmful, invasive of another’s privacy, vulgar, defamatory, false, intentionally misleading, trade libelous, pornographic, obscene, or patently offensive, or promote racism, bigotry, hatred, or physical harm of any kind against any group or individual, or be otherwise objectionable; (iv) be harmful to minors in any way; (v) contain any computer viruses, worms, or any software intended to damage or alter a computer system or data; (vi) send unsolicited or unauthorized advertising, promotional materials, junk mail, spam, chain letters, pyramid schemes, or any other form of duplicative or unsolicited messages, whether commercial or otherwise; or (vii) harvest, collect, gather or assemble information or data regarding other users, including e-mail addresses, without their consent.

Minimum EULA Terms. The following constitute the “Minimum EULA Terms”: (i) the End User must accept FullContact’s Terms of Use and Privacy Policy; (ii) title to and ownership of the API remains with FullContact and its suppliers; (c) the End User may not (A) copy, alter or modify the API, (B) reverse engineer, decompile, disassemble, or in any way attempt to derive the source code for the API, or (C) use the API except as embedded within the Developer App; (iv) all express and implied warranties regarding the API by FullContact and its suppliers are disclaimed; (v) all consequential, special, and indirect damages are disclaimed on behalf of FullContact and its suppliers; (vi) the End User must grant the Developer all rights (including consents and licenses) needed from the End User for Developer to grant FullContact the license to use its End User Contact Data (as described in Section 3(a) of the Agreement); and (vii) Developer’s privacy policy must comply with all applicable privacy laws and must contain a notice that FullContact will collect, and/or receive from Developer, End User Contact Data and will process such data in accordance with FullContact’s privacy policy.

Confidentiality. "Confidential Information" includes the API Key and API and any other materials of FullContact that FullContact designates as confidential or which Developer should reasonably believe to be confidential, including Third Party Access Tokens, Account Credentials and Facebook User Ids. Developer shall hold FullContact’s Confidential Information in confidence and shall neither disclose such Confidential Information to third parties nor use FullContact’s Confidential Information for any purpose other than as necessary to perform under this Addendum. Developer agrees to limit access to the Confidential Information to those employees, agents, and representatives who are necessary for Developer to perform its obligations under this Addendum. All such employees, agents, and representatives must have a written confidentiality agreement with Developer that is no less restrictive than the terms contained herein. Developer will protect the Confidential Information from unauthorized use, access, or disclosure in the same manner as Developer protects its own confidential or proprietary information of a similar nature and with no less than reasonable care. The foregoing restrictions on disclosure shall not apply to Confidential Information that is (a) already known by Developer; (b) becomes, through no act or fault of Developer, publicly known; (c) received by Developer from a third party without a restriction on disclosure or use; or (d) independently developed by Developer without reference to FullContact’s Confidential Information. To the extent Developer submits any Contact Information to FullContact via the API (“Submitted Information”), then: (i) as between FullContact and Developer, such Submitted Information shall belong to Developer, and FullContact will not claim any right, title or interest to such information; (ii) FullContact will not add Submitted Information to any of its database, except as necessary to provide services to Developer; and (iii) Submitted Information shall remain the Confidential Information of Developer, and will not be disclosed by Full Contact to any third party (including any other developer). Notwithstanding the foregoing, nothing herein shall restrict FullContact from (iv) using, accessing, processing, collecting, disclosing, sharing, or distributing any Contact Information that FullContact collects from publicly available sources via the Internet and social networks, including through their public or licensed API (“Public Data”), and (ii) providing, processing, or disclosing Public Information or any Contact Information that is provided by a third party to FullContact, even if such information or Public Data is duplicative of Submitted Information.

Fees. Developer will immediately pay all fees applicable to the products or services purchased from FullContact. The purchase path pages of the Site are hereby incorporated into this Addendum.

Term and Termination. This Addendum will remain in effect until the Developer’s subscription has expired or it has been terminated as provided in this Section. Developer may terminate this Addendum, effective immediately upon written notice to FullContact, if FullContact breaches any provision of this Addendum and does not cure the breach within thirty (30) days after receiving written notice thereof. FullContact may terminate this Addendum, effective immediately upon written notice to Developer, if Developer breaches any provision of this Addendum. Either party may terminate this Addendum for convenience upon providing sixty (60) days notice to the other party. Upon termination or expiration of this Addendum for any reason, all licensed rights granted in this Addendum to Developer will immediately cease to exist and Developer will irrecoverably delete any and all data it received from the Service or the API. Sections 2.2, 2.3, and 4, as well as Developer's obligation to pay any fees applicable to the balance of the Developer's then-current subscription term, will survive any expiration or termination of this Addendum for any reason.

The product and brand names above and any other product or brand names referenced on this website are trademarks of their respective owners and do not imply affiliation with, sponsorship, or endorsement by owners.

FullContact Services Agreement

This Services Agreement (this “Agreement”), is effective between FullContact, Inc. (“FullContact”) and the organization agreeing to these terms (”Client”).

1. Definitions

“API” means the application program interface software in source code or executable code form, and any modified, updated, or enhanced versions of such software through which FullContact Data may be accessed under this Agreement.

“Applicable Laws” means applicable federal, state, local and foreign laws and regulations (including without limitation laws regarding the import or export of data or software and privacy).

“Client Application” means the manner in which Client uses and distributes FullContact Data as described in an Order Form, which may include, but not limited to, the use or distribution of FullContact Data or Data Output through software applications or Internet web-based services or through electronic or written files or reports, in each case provided to End Users by Client.

“Client Privacy Policy” means Client’s conspicuously posted privacy policy that is associated with any commercially available website or application operated by Client, including the Client Application.

“Data Output” means any data, reports, analysis or other output developed by or on behalf of Client that are derived from FullContact Data.

“End User” means any authorized user of a Client Application who is an employee, independent contractor or other authorized representative (a) of a third party client, customer or licensee of Client who has access to or to whom FullContact Data or Data Output is distributed or resold; or (b) of Client who is authorized to access and use FullContact Data for Client’s internal business purposes.

“End User Agreement” is defined in Section 4.b hereof.

“FullContact Data” means Public Data and/or data from third party sources that are provided to Client by FullContact as part of the FullContact Data Services.

“FullContact Data Services” means those data enhancement, enrichment, analysis, research and other data services, and any implementation, training, configuration, data migration and other related professional services performed by or on behalf of FullContact, including those services provided to Client hereunder as described in any applicable Order Form.

“Marks” means the service marks, trademarks, trade name, logos and symbols used by a party to promote its goods or services.

“Order Form” means the FullContact ordering document that refers to this Agreement and is executed from time-to-time by authorized representatives of both parties, and that describes:

The FullContact Data Services and the FullContact Data to be provided;

The Subscription Term;

The access methods through which the Submitted Information, if any, and FullContact Data are provided;

Any applicable restrictions or limits on use of the FullContact Data or APIs;

The payments and fees payable to FullContact for the FullContact Data Services;

The approved use cases required by Section 3.c. below; and any additional terms as agreed upon by FullContact and Client.

“Personal Data” means data through which an individual may be identified or contacted, including, without limitation, names, addresses, telephone numbers, email addresses, as well as any other non-public information about an individual that is associated with or linked to any of the foregoing data, but excluding any data in encrypted or hashed form.

“Subscription Term” means the term of any subscription to FullContact Data Services per an Order Form.

“Submitted Information” means Personal Data, if any, that Client submits to FullContact by the means described in an Order Form in connection with the FullContact Data Services.

2. Services and Scope of Agreement

In consideration for the fees set forth in each Order Form, FullContact will provide the FullContact Data Services and the FullContact Data, to Client pursuant to this Agreement and each Order Form entered into in accordance with the terms of this Agreement, which upon execution by authorized representatives of each party, will be attached to, and become an integral part of this Agreement.

3. Licenses and Restrictions.

Data Licenses. In accordance with the specifications of the Client Application set forth in an Order Form and subject to the terms and conditions of this Agreement, including the limits and restrictions set forth in Section 3.b. and in the Order Form, during the applicable Subscription Term FullContact hereby grants to Client a limited, non-exclusive, non-transferable, license: (i) to create Data Output based on FullContact Data; (ii) to integrate, reproduce and use the FullContact Data as an integral part of the Client Application; (iii) to resell, distribute and display FullContact Data and Data Output to authorized End Users through or as part of the Client Application strictly for internal use by such End Users, and not for resale or further distribution by such End Users or to provide services to any third party; and (iv) if the methods through which FullContact Data are provided to Client involve use of APIs within the Client Application, to use and access the API pursuant to the API License Terms set forth in Exhibit A attached hereto. If the FullContact Data is made commercially available by Client to external End Users through a Client Application, then the rights and limitations applicable to distribution of the Client Application will be specified in the applicable Order Form and included in the End User Agreement. Client shall remain fully responsible for any breach of the terms of this Agreement by any End Users or any permitted third party through which any such Client Application is distributed, licensed or sold.

Restrictions. Client will not use, and will require any End Users not to use, FullContact Data (i) for cookie tracking, ad exchanges, ad networks, data brokerages, or sending electronic communications (including email) in violation of Applicable Law; (ii) to determine any person's employability, credit worthiness, credit standing, credit capacity, or other characteristics related to such person's manner or mode of living, as listed in Section 603(d) of the Fair Credit Reporting Act; or (iii) in any manner that exceeds the scope of the licenses granted hereunder or the limits or restrictions set forth in an Order Form, including any use of FullContact Data that has not been approved by FullContact in an Order Form as required by Section 3.c. As a condition to the licenses granted to Client hereunder, Client agrees that at all times during the Subscription Term the Client Application must provide significantly additional data, content and functionality than that provided by the FullContact Data alone. The licenses granted herein will be further subject to those limits and restrictions set forth in an Order Form, specific use case limitations, rate restrictions, data cache limits or limits on the permissible number of API calls.

Approval of Use Case. Prior to use of any FullContact Data in a Client Application, Client will submit to FullContact a proposal outlining the use of FullContact Data into the Client Application. FullContact must approve the integration of the FullContact Data into the Client Application for such uses by incorporating such usage terms into a signed Order Form: (i) before initial launch of each Client Application; (ii) before launch of any new Client Application or material change to an existing Client Application, including without limitation allowing any elevated access to FullContact Data in a previously-approved Client Application; and (iii) before any changes are made to the Client Application if such changes expand the use of FullContact Data beyond the originally approved Client Application. If FullContact does not sign such Order Form with the included usage terms, then Client will not be permitted to integrate and use the FullContact Data for such uses.

4. Application Policy and Standards.

If the FullContact Data is made available by Client through a Client Application, then the following provisions apply:

Client Application Policy. Client is solely responsible and liable for the Client Application and for supporting the Client Application. The Client Application shall not: (i) violate any third-party rights (including any intellectual property rights), any Applicable Laws (including any privacy laws), the Client Privacy Policy (if applicable), or any of the restrictions set forth in Section 3.b hereof; (ii) contain any tortious, threatening, harmful, defamatory or intentionally misleading, pornographic, obscene, or patently offensive content; (iii) promote racism, bigotry, hatred, or physical harm of any kind against any group or individual; (iv) knowingly transmit or introduce any computer viruses, worms, or any software intended to interfere with, damage or alter a computer system or data; or (v) harvest, collect, gather or assemble information or data regarding any End User or other individuals, including email addresses, without their consent (collectively, the “FullContact Application Policy”). FullContact shall have the right, but not the obligation, at any time to monitor or review the Client Application at any time and may reject the Client Application and immediately cease to provide FullContact Data for use in the Client Application if it determines, in good faith, that such Client Application does not comply with the FullContact Application Policy or does not satisfy any of the other criteria or requirements set forth herein. Strict compliance with this section is a condition of the licenses in this Agreement and a material requirement of this Agreement.

End User Agreement. If the FullContact Data is made available by Client to external End Users through a Client Application, the Client Application shall be licensed or made available to such End Users pursuant to a binding written agreement between Client and End User that includes the following terms (the “End User Agreement”): (i) the End User agrees not to use any FullContact Data (whether alone or in combination with any other data) in any manner that violates the FullContact Application Policy, or any of the restrictions set forth in Section 3.b hereof or the applicable Order Form; (ii) the End User agrees to provide commercially reasonable physical and logical security controls to prevent security breaches or unauthorized access to FullContact Data that End User is authorized to download from the Client Application; (iii) except as otherwise set forth in an Order Form, all rights to FullContact Data are limited to use within the Client Application; (iv) all rights to FullContact Data automatically terminate upon termination of the applicable Subscription Term or upon the earlier termination of the applicable Order Form or this Agreement; (v) the End User agrees to delete all FullContact Data upon termination of the license, other than any Data Output that has been derived from FullContact Data in compliance with the terms of this Agreement prior to the termination or expiration date; and (v) if Submitted Information is provided to FullContact by Client, the End User grants to Client all rights (including consents and licenses) to any Submitted Information that the End User provides to Client that are necessary for Client to grant FullContact the license to use its Submitted Information (as described in Section 5.a of this Agreement).

Attribution of Source and Use of Marks. If specified in an Order Form, Client may be required to provide attribution to FullContact as the source of the FullContact Data within the Client Application in a form and manner to be agreed to by the parties. In addition, the parties may conduct joint marketing and promotional activities for the Client Application and, if so, the parties will mutually agree in writing to all terms and conditions applicable to the use of each party’s Marks directly applicable to such purposes. Except as expressly authorized in an applicable Order Form, neither party will make any use of the other party’s Marks in any manner, including any manner that dilutes, tarnishes or undermines the value of the other party’s Marks. Any press release or other publicity announcing or referring to this Agreement or the relationship between the parties, including identification of either party’s website, shall be subject to the prior written approval of the other party.

5. Submitted Information.

If Client provides FullContact any Submitted Information, the following provisions shall apply to such Submitted Information.

License to Submitted Information. Client hereby grants FullContact a perpetual, irrevocable, non-exclusive, royalty-free, transferable license to reproduce and use Submitted Information in connection with the provision of FullContact Data Services to FullContact’s customers generally, provided that FullContact will (i) not resell or distribute any Submitted Information that is not Public Data to any third party; (ii) handle all Submitted Information that is comprised of Personal Data in the same manner as required for “Personal Data” under the terms of the FullContact Privacy Policy; and (iii) not disclose that Client is the source of any Submitted Information or any connection between any individual who is the subject of Submitted Information and any products or services provided by Client.

Submitted Data Representations. Client represents and warrants to FullContact that (i) if Submitted Information is collected from customers or users of any Client website or service, including End Users of a Client Application, Client will at all times maintain a Client Privacy Policy that is associated with or linked to the Client website, service and/or Client Application, which policy complies with all Applicable Laws and which clearly and accurately describes the processing, use and disclosure of Submitted Information as contemplated herein; (ii) Client has obtained or possesses all rights necessary, including any third party consents required under Applicable Laws, to authorize FullContact to use the Submitted Information for the purposes contemplated hereunder and to grant FullContact the licenses set forth under Section 5.a; (iii) Client’s collection and disclosure of Submitted Information for the uses contemplated hereunder complies with all Applicable Laws and, if applicable, the Client Privacy Policy; and (iv) Client will promptly notify FullContact of any notice from (A) any governmental agency or regulatory authority alleging that the use of any Submitted Information violates Applicable Law, and/or (B) any individual whose Personal Data is included in the Submitted Information demanding deletion of any data included in the Submitted Information or challenging the use or accuracy of such data. Client agrees not to transmit or upload to FullContact, and the Submitted Information will not include, any individually identifiable health information (as that term is defined in accordance with Health Insurance Portability and Accountability Act, as amended), debit or credit card information, bank account information, social security number, driver’s license information, or government ID information about any individual.

6. Confidentiality and Security Requirements.

Confidential Information. Each party agrees that all business, technical and financial information that is designated as “Confidential” or “Proprietary,” or is disclosed in a manner that a reasonable person would understand the confidentiality of the information disclosed are the confidential property of the disclosing party and its licensors (“Confidential Information”). The receiving party will hold in confidence and not use or disclose any Confidential Information of the disclosing party, except in connection with the exercise of rights granted or performance of such party’s obligations under this Agreement. The receiving party shall not be obligated under this Section 6 with respect to information if the receiving party can document such information: (i) is or has become readily publicly available through no fault of the receiving party or its employees or agents; (ii) is received from a third party lawfully in possession of such information and the receiving party has no knowledge of any disclosure restrictions which prohibit such third party from disclosing such information; (iii) was rightfully in the possession of the receiving party without restriction prior to its disclosure by the other party; or (iv) was independently developed by employees or consultants of the receiving party without use of or reliance on such Confidential Information. The receiving party may disclose Confidential Information if it is compelled by law to do so, provided the receiving party gives the disclosing party prior notice of such compelled disclosure (to the extent legally permitted) and reasonable assistance if the disclosing party wishes to contest or limit such disclosure.

Security and Privacy of Personal Data. Each party recognizes that any data received from the other party in connection with the FullContact Data Services may include Personal Data, which both parties desire to keep secure and free from unauthorized access or use. Accordingly, the receiving party shall (i) provide commercially reasonable physical and logical security controls to prevent security breaches or unauthorized access to such Personal Data; (ii) promptly notify the disclosing party of any breaches, or other unauthorized activities relative to the use of such Personal Data of which it becomes aware; and (iii) maintain complete and accurate books and records of account with respect to all of its activities under this Agreement and all disclosures and transactions relating to such Personal Data during the term and for a period of at least two years after termination or expiration of this Agreement. Further, to the extent such Personal Data is considered “personal data” and is subject to regulation under the EU Data Protection Directive 95/46 or Swiss Federal Data Protection law, the receiving party shall either certify its compliance with the EU-U.S. and Swiss-U.S. Privacy Shield Framework administered by the International Trade Administration of the U.S. Department of Commerce (the “Privacy Shield”) or contractually agree to provide at least the same level of protection for Personal Data as is required by the relevant Privacy Shield principles.

Security Audits. Each disclosing party or its designee (the “Auditing Party”) shall have the right at any time following the date of this Agreement, but no more than once every twelve (12) months, to audit the receiving party’s use of Personal Data, security controls relative to the Personal Data and related activity logs during normal business hours upon ten (10) business days prior written notice to the receiving party. The foregoing notwithstanding, no such limitations on audit frequency or prior written notice shall be required if any governmental authority requires such audit. Before any Auditing Party’s designee will be permitted access to the other party’s applicable books and records hereunder, such designee must have signed and delivered to the party being subjected to audit a commercially reasonable confidentiality agreement. The nondisclosure obligations of this Section 6 shall apply to the Auditing Party with respect to all Confidential Information (including any Personal Data) reviewed or disclosed in any audit.

Injunctive Relief. Each party acknowledges that any unauthorized use of the of the other party’s Confidential Information under this Section 6 will cause irreparable harm and injury to the other party for which there is no adequate remedy at law. In addition to all other remedies available under this Agreement, at law or in equity, each party further agrees that the other party shall be entitled to seek injunctive relief in the event the other party is in breach or has violated the terms set forth in this Section 6.

7. Fees; Taxes.

Client will pay all fees applicable to the FullContact Data Services provided by FullContact set forth in each Order Form entered into by the parties. FullContact will periodically issue invoices to Client for all amounts payable, and such invoices shall be due and payable within fifteen (15) days after invoice date unless otherwise expressly provided in an Order Form. If Client fails to pay any past due invoice within ten (10) days after Client’s receipt of a past due notice from FullContact, FullContact may revoke or suspend FullContact Data Services until such time as Client brings its account completely current. Any invoiced amounts not subject to a good faith dispute that are not paid when due will be subject to finance charges equal to 1.5% of the unpaid balance per month or the highest rate permitted by applicable law, whichever is less, determined and compounded monthly from the date due until the date paid. If Client fails to timely pay an invoice as set forth in this Section 7 or an in applicable Order Form on two (2) or more occasions, FullContact may, in addition to any other remedies that FullContact may have and upon written notice to Client, modify the payment terms to require pre-payment of any or all fees payable under any Order Forms then outstanding or entered into in the future, or require other assurances to secure Client’s payment obligations hereunder. Client must notify FullContact of any disputed amounts in any invoice (in writing) no later than thirty (30) days after the invoice date, otherwise the amount invoice shall be conclusively deemed correct by the parties. Other than net income taxes imposed on FullContact, Client will bear all taxes, duties, and other governmental charges with respect to the licenses and services provided under this Agreement. Client will reimburse any costs or expenses (including, but not limited to, collection agency fees, reasonable attorneys’ fees and court costs) incurred by FullContact to collect any amount that is not paid when due upon receipt of an invoice therefor.

8. Term and Termination; Data Deletion; Survival.

This Agreement will commence upon the Effective Date and continue until the applicable Subscription Term for each Order Form has expired, unless each Order Form is earlier terminated in accordance with the terms of the applicable Order Form or this Agreement is earlier terminated as set forth herein.

Either party may terminate this Agreement, effective immediately upon written notice to the other party, if such party breaches any provision of this Agreement and does not cure the breach within thirty (30) days (or ten (10) days with respect to Client’s payment obligations under Section 7) after receiving written notice thereof; provided, however, FullContact may terminate this Agreement, effective immediately upon written notice to Client without any opportunity to cure, if Client breaches any of the provisions of Sections 3.b, 4.a, 5.b or 6 hereof. Upon the termination of this Agreement for any reason, all Order Forms shall automatically terminate. Upon expiration of the Subscription Term or the earlier termination of this Agreement, all licensed rights granted in this Agreement to Client will immediately terminate.

Upon termination or expiration of this Agreement, Client will irrecoverably delete, and shall cause any End Users to delete, any and all FullContact Data and Client will be required to execute the Data Deletion Acknowledgement in the form of Exhibit B attached hereto; provided that Client and any End Users will not be required to delete any data that was already in Client’s possession prior to obtaining the same data from FullContact (as FullContact Data) hereunder, or any Data Output that has been derived from FullContact Data in compliance with the terms of this Agreement prior to the termination or expiration date. FullContact may, upon reasonable advanced notice to Client, audit Client’s compliance with this requirement at any time within a two-year period following expiration or termination of this Agreement.

Sections 5.a, 6, 8, 9, 10.c, 11 and 12, as well as Client's obligation to pay any fees applicable to the balance of the Client's then-current Subscription Term, will survive any expiration or termination of this Agreement for any reason.

9. Indemnity.

Indemnity by Client. Client agrees to defend, indemnify and hold FullContact (and its officers, directors, employees, agents, successors and assigns) harmless from any claims, demands, actions, suits, investigations or proceedings brought by a third party (“Claims”) and all resulting judgments, settlements, damages, losses, costs, fees (including reasonable attorneys' fees and court costs) and expenses (“Losses”) due to or arising out of (i) Client’s breach or violation of any of the terms of this Agreement or any breach of its representations or warranties set forth herein; and/or (ii) Client’s violation of Applicable Laws (including any privacy laws) in connection with its activities hereunder or its use or distribution of FullContact Data, excluding any such Claims to the extent based on or arising out of any cause or circumstance for which FullContact must indemnify Client under Section 9.b hereof. Client shall further indemnify FullContact (and its officers, directors, employees, agents, successors and assigns) from and against any Losses due to or arising out of Client's violation of the license terms and restrictions set forth in Section 3 and in any Order Form. As a condition of the above indemnity, at Client’s expense, Client shall have the right to assume the exclusive control of the defense and settlement of any Claims and FullContact agrees to cooperate with its defense of such Claims; provided that Client will not agree to any settlement that grants any licenses, imposes any ongoing obligations on FullContact (other than the payment of money) or that does not include a general release of all claims against FullContact without the prior written consent of FullContact; provided further that if Client fails to assume the defense of such Claim or fails to diligently defend such Claim, FullContact may assume the control and defense of such Claim at Client’s expense. FullContact will use reasonable efforts to notify Client of any such Claim promptly upon becoming aware of it.

Indemnity by FullContact. FullContact agrees to indemnify and hold Client (and Client’s officers, directors, employees, and agents) harmless from any Claims and resulting Losses incurred by Client that are due to or arising out of any allegation that Client’s use of FullContact Data as provided to Client by FullContact hereunder in accordance with the terms and conditions of this Agreement, infringes or violates the rights of any third party (including any rights under applicable privacy laws), any Applicable Laws or the FullContact Privacy Policy; excluding any such Claims to the extent based on or arising out of any cause or circumstance for which Client must indemnify FullContact under Section 9.a hereof. As a condition of the above indemnity, at FullContact’s expense, FullContact shall have the right to assume the exclusive control of the defense and settlement of any such Claim and Client agrees to cooperate with FullContact’s defense of these Claims; provided that FullContact will not agree to any settlement that grants any licenses, imposes any ongoing obligations on Client (other than the payment of money) or that does not include a general release of all claims against Client without the prior written consent of Client. Client will use reasonable efforts to notify FullContact of any such Claim promptly upon becoming aware of it. In the event that any FullContact Data becomes subject to a Claim that is subject to the terms of this Section 9.b, FullContact shall at its option either (i) modify the FullContact Data so as to avoid any alleged infringement or violation; (ii) obtain any rights required to avoid such alleged infringement or violation; or (iii) terminate this Agreement or any Order Form with respect to such FullContact Data and refund to Client any prepaid fees applicable to the remainder of the then-current Subscription Term. THIS SECTION 9.B STATES FULLCONTACT’S ENTIRE LIABILITY AND CLIENT’S EXCLUSIVE REMEDY FOR ANY THIRD PARTY CLAIMS PERTAINING TO THE FULLCONTACT DATA.

10. Limited Warranty; Disclaimers.

Limited Service Warranty. FullContact warrants during each applicable Subscription Term that: (i) it will use commercially reasonable efforts to provide the FullContact Data Service and the FullContact Data and any updates thereto in accordance with the requirements set forth in each Order Form; and (ii) if the methods through which FullContact Data are provided to Client involve use of FullContact APIs, the FullContact Data Service will meet the terms of the Service Level Agreement set forth in Exhibit C (the “SLA”) in all material respects, subject to all limitations set forth in the SLA. As Client’s sole remedy and FullContact’s sole liability for a breach of the foregoing warranties, FullContact shall either (A) re-perform the deficient FullContact Data Services or correct or replace any deficient FullContact Data, as applicable, or (B) provide those specific remedies set forth in Exhibit C for any failure to meet the terms of the SLA.

Data Warranty. FullContact represents and warrants to Client that (i) FullContact will at all times maintain the FullContact Privacy Policy, which complies with all then-current Applicable Laws and which clearly and accurately describes the processing, use and disclosure of FullContact Data as contemplated herein; (ii) FullContact has obtained or possesses all rights necessary (including any third party consents required under Applicable Laws) to authorize Client to use the FullContact Data for the purposes contemplated hereunder and to grant Client the licenses set forth under Section 3.a; (iii) FullContact’s collection and disclosure of FullContact Data for the authorized uses contemplated hereunder complies with all Applicable Laws and, if applicable, the FullContact Privacy Policy; and (iv) FullContact will promptly notify Client of any notice from (A) any governmental agency or regulatory authority alleging that the use of any FullContact Data violates Applicable Law, and/or (B) any third party or individual whose Personal Data is included in the FullContact Data demanding deletion of any data included in the FullContact Data or challenging the use or accuracy of such data.

EXCEPT FOR THE WARRANTIES EXPRESSLY PROVIDED BY FULLCONTACT HEREUNDER, THE FULLCONTACT DATA AND FULLCONTACT DATA SERVICES ARE PROVIDED “AS-IS” AND “AS AVAILABLE” AND FULLCONTACT (AND ITS SUPPLIERS) EXPRESSLY DISCLAIM ANY WARRANTIES AND CONDITIONS OF ANY KIND, WHETHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OR CONDITIONS OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, QUIET ENJOYMENT, OR NON-INFRINGEMENT. FULLCONTACT MAKES NO WARRANTY THAT FULLCONTACT DATA SERVICES (A) WILL MEET CLIENT’S REQUIREMENTS; OR (B) WILL BE AVAILABLE ON AN UNINTERRUPTED, FULLY SECURE, OR ERROR-FREE BASIS.

11. Limitation on Liability.

IN NO EVENT SHALL EITHER PARTY BE LIABLE TO THE OTHER PARTY OR ANY THIRD PARTY FOR ANY LOST PROFITS OR ANY INDIRECT, CONSEQUENTIAL, EXEMPLARY, INCIDENTAL, SPECIAL OR PUNITIVE DAMAGES ARISING FROM OR RELATING TO THIS AGREEMENT OR THE USE OF, OR INABILITY TO USE, ANY PRODUCTS, DATA OR SERVICES PROVIDED HEREUNDER, EVEN IF SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. NOTWITHSTANDING ANYTHING TO THE CONTRARY CONTAINED HEREIN, FULLCONTACT’S LIABILITY TO CLIENT FOR ANY DAMAGES ARISING FROM OR RELATED TO THIS AGREEMENT, FOR ANY CAUSE WHATSOEVER AND REGARDLESS OF THE FORM OF THE ACTION, WILL AT ALL TIMES BE LIMITED TO AMOUNTS CLIENT HAS PAID FULLCONTACT IN THE 12 MONTHS PRIOR TO THE DATE THE CLAIM FOR DAMAGES AROSE. THE EXISTENCE OF MORE THAN ONE CLAIM WILL NOT ENLARGE THIS LIMIT. THE FOREGOING LIMITATIONS SHALL NOT APPLY TO A BREACH OF EITHER PARTY’S OBLIGATIONS UNDER SECTION 6 HEREOF, OR LIMIT EITHER PARTY’S OBLIGATIONS TO INDEMNIFY THE OTHER PARTY UNDER THE TERMS OF SECTION 9 HEREUNDER.

12. General.

Notices. All notices issued under this Agreement shall be in writing and shall be deemed to have been duly given when personally delivered, sent by any nationally recognized overnight courier service, electronic mail or by registered or certified mail, postage prepaid, to the following address or to such other person at such other address or may be designated by the parties hereto in writing and notice thereof duly given:

If to Client, to the address set forth in the most recent Order Form. If to FullContact:

FullContact, Inc.

1755 Blake Street, Suite 450

Denver, Colorado 80202

Attention: Chief Financial Officer

Telephone: (888) 330-6943

Email: contracts@fullcontact.com

Assignment. Neither party may assign any rights or obligations arising under this Agreement, whether by operation or law or otherwise, without the prior written consent of the other; except that FullContact may assign this Agreement, without Client’s consent, in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of its assets. The parties agree and anticipate that FullContact may fulfill its obligations under this Agreement through subcontractors, including its third party cloud-based hosting provider. This Agreement shall inure to the benefit of and shall be binding on the permitted successors and assignees of the parties. Any attempted transfer or assignment hereof in violation hereof is null and void.

Force Majeure. Except for the obligation to pay money, neither party shall be liable hereunder by reason of any failure or delay in the performance of its obligations hereunder on account of strikes, shortages, riots, insurrection, fires, flood, storm, explosions, acts of God, war, governmental action, labor conditions, earthquakes, material shortages or any other cause which is beyond the reasonable control of such party.

Governing Law; Attorney’s Fees. This Agreement shall be governed by and construed in accordance with the laws of the State of Colorado without giving effect to principles of conflict of laws that would require the application of the laws of a different jurisdiction. The United Nations Convention on Contracts for the International Sale of Goods will not apply to this Agreement. If a dispute arising under this Agreement results in litigation, the non-prevailing party shall pay the court costs and reasonable attorneys’ fees of the prevailing party.

Waivers. All waivers must be in writing. Any waiver or failure to enforce any provision of the Agreement on one occasion will not be deemed a waiver of any other provision or of such provision on any other occasion.

Severability. If any provision of the Agreement is unenforceable, such provision will be changed and interpreted to accomplish the objectives of such provision to the greatest extent possible under applicable law and the remaining provisions will continue in full force and effect.

Independent Contractors. Each party’s relationship to the other is that of an independent contractor, and neither party is an agent of the other. Any use of the term “partner” herein or in any communication by or between the parties or on their individual or joint behalf to describe their relationship is intended solely in the colloquial sense of a valued business relationship, and does not indicate the existence of or an offer to enter into a legal partnership, joint agency, or other relationship involving common ownership or joint and/or several liability. Neither party will have, and will not represent to any third party that it has, any authority to act on behalf of the other party.

Entire Agreement. This Agreement, the Exhibits attached hereto and each Order Form entered into by the parties constitutes the entire agreement between Client and FullContact and supersedes and replaces all prior agreements, representations, warranties, statements, promises, information, arrangements and understandings, whether oral or written, express or implied, with respect to the subject matter hereof. In the event of any conflict between this Agreement and the terms of any Order Form, this Agreement shall control unless the Order Form explicitly states that a particular provision supersedes a conflicting provision in this Agreement.

Counterparts. This Agreement may be executed in counterparts, each of which will be considered an original, but all of which together will constitute the same instrument.

Exhibit A - API License Terms

To the extent Client’s access to FullContact Data is provided through FullContact APIs pursuant to the Services Agreement (the “Agreement”) by and between Client and FullContact, of which this Exhibit A forms a part, as specified in an Order Form, the following terms shall apply. All capitalized terms not otherwise defined herein will have the meaning set forth in the Agreement:

As used in this Exhibit A:

“API Documentation” means the documentation and specifications for APIs that are published by FullContact from time-to-time at https://docs.fullcontact.com/api.

“API Key” means the code provided by FullContact that permits Client to access the API.

API License. Subject to the terms and conditions of this Agreement, during the applicable Subscription Term, or the earlier termination of the Agreement or any Order Form providing for the access by Client of the API, FullContact hereby grants to Client a limited, non-exclusive, non-transferable, license to: (a) use the API Key to access and incorporate the API as part of the Client Application; (b) internally use, perform, display, reproduce the API solely as necessary to develop, maintain and support the Client Application, in accordance with the specifications included in the API Documentation; and (c) to the extent permitted in Client’s approved use case, reproduce and distribute copies of the API, in executable code form only, solely as incorporated into the Client Application to End Users pursuant to an End User License Agreement.

Restrictions. Client agrees not to (i) reverse engineer or attempt to extract the source code from any API or any related software, except to the extent that this restriction is expressly prohibited by Applicable Law; (ii) disclose, distribute, sublicense, lease, rent, loan, resell or otherwise transfer the API source code, the data received from the API (other than those elements incorporated into the Client Application) or the API Key to any third party; or (iii) use the API or API Keys in any manner that exceeds the scope of the licenses granted hereunder or the limits or restrictions set forth in an Order Form. Client must reproduce, on all copies made by or for Client, and must not remove, alter, or obscure in any way all proprietary rights notices (including copyright notices) of FullContact or its suppliers on or within the copies of the API. FullContact may, at its sole discretion, release subsequent versions of the API and require Client to obtain and use the most current version.

Exhibit B - Data Deletion Acknowledgment

This Data Deletion Acknowledgment is being provided by ___ (“Client”) pursuant to the requirements of that certain Services Agreement (the “Agreement”) entered into by and between Client and FullContact, Inc. (“FullContact”) upon expiration or termination of the Agreement. Capitalized terms not otherwise defined in this Acknowledgement have the meanings given such terms in the Agreement.

The undersigned hereby acknowledges that he/she has the authority to acknowledge on behalf of Client that Client has ceased to use and irrevocably deleted, and has caused any of its End Users to cease to use and irrevocably delete, all FullContact Data, other than data that was already in Client’s possession prior to obtaining the same data from FullContact (as FullContact Data) under the Agreement, or any Data Output that has been derived from FullContact Data in compliance with the terms of the Agreement prior to the termination or expiration date of the Agreement. The undersigned further acknowledges that Client will grant any necessary access to Client’s databases to FullContact personnel to verify the accuracy of this acknowledgement for the two-year period following the termination or expiration date of the Agreement.

Exhibit C - Service Level Agreement

This Service Level Agreement (“SLA”) applies to the FullContact Data Services provided to Client through FullContact APIs pursuant to the Services Agreement (the “Agreement”) by and between Client and FullContact, to which this SLA is attached as an Exhibit and forms a part thereof. All capitalized terms not otherwise defined herein will have the meaning set forth in the Agreement.

Uptime Commitment. The FullContact Data Services will be available for 99.5% of the time during each calendar month (“Uptime”). Uptime will not include periods the FullContact Data Services are unavailable due to: (i) Routine Maintenance (defined below); (ii) Urgent Maintenance (defined below); (iii) the negligence, acts or omissions of Client or its End Users, any of the employees, contractors, or agents of Client or its End Users; (iv) the failure or malfunction of equipment, network, software, applications or systems not owned or directly controlled by FullContact; (v) any third party or public network or systems unavailability; (vi) circumstances or causes beyond the control of FullContact, including, without limitation, force majeure events and third party attacks on the FullContact network (such as ping and denial of service attacks); or (vii) Client’s (or any End User’s) breach of the terms of the Agreement, including this SLA (collectively, “Exclusions”).

Maintenance. FullContact will occasionally perform modifications and upgrades to the FullContact Data Services (“Routine Maintenance”). Routine Maintenance ordinarily will not cause an interruption of the Services, but it may increase the risk of an interruption. FullContact will make reasonable efforts to limit interruption to no more than 15 minutes in any calendar week, and to limit Routine Maintenance to two hours in any calendar week. FullContact will also strive to schedule Routine Maintenance during times that have the least potential impact on Client. If FullContact determines that immediate maintenance on the Services is required (“Urgent Maintenance”), FullContact can perform such Urgent Maintenance at any time and for any period of time (as determined by FullContact), and FullContact will provide Client with notice of Urgent Maintenance as soon as reasonably practicable under the circumstances.

Remedy. If FullContact does not meet the Uptime commitment set forth above for a given calendar month, FullContact will, as its sole obligation therefor and Client’s sole remedy, provide a credit to Client that equals half of Client’s invoice for the FullContact Data Services in the immediately previous calendar month; provided that credits will not be offered if the FullContact Data Services are unavailable as a result of any of the Exclusions enumerated above.

Frequently Asked Questions

1. What is GDPR?

The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA). The series of laws builds on an earlier policy, the Data Protection Directive, which Europe adopted in 1995. The GDPR aims primarily to give control to residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.

2. What steps does FullContact take to secure Personal Data?

FullContact places a premium on staying at the forefront of privacy and security practices. FullContact is SOC2 Type 1, PCI, Cloud Security Alliance, and U.S.-EU/Swiss Privacy Shield compliant, and employs a GDPR (CIPP/E) certified executive as part of its corporate leadership.

3. What is considered 'personal data'?

According to the GDPR, ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

4. What is 'client personal data'?

'Client personal data' is any 'personal data' that a Client sends or otherwise makes available to the FullContact Platform for processing.

5. Can I control the data FullContact has about me?

Yes, you can. Simply click on the “Own Your Personal Data” button in the left sidebar to access and modify your data.

6. What does a Data Protection Officer do? Does FullContact have a Data Protection Officer?

The Data Protection Officer (DPO) informs and advises FullContact on its obligations pursuant to GDPR; monitors compliance in relation to the protection of personal data (including the assignment of responsibilities, awareness-raising and training of staff involved in processing operations, and the related audits); provides advice on data protection impact assessments; and cooperates with the supervisory authority.

FullContact was one of the first companies to have a GDPR (CIPP/E) certified executive, Hector Rodriguez, who has been designated our Data Privacy Officer. The CIPP/E is the first professional credential specific to European data protection professionals that is part of a comprehensive, principles-based framework and knowledge base in information privacy. Learn more.

FullContact data products and services are GDPR compliant. For our data-products, the customer must execute a Data Processing Addendum (DPA). A Private Plan is also an option available for additional privacy protection, so no private data is ever stored in our data co-op and use of 3rd party sub-processors, with the exception of Amazon Web Services (AWS), is restricted.

8. What client personal data is covered under the GDPR?

Only personal data of EEA data subjects is covered under GDPR. However, because it is often difficult to determine whether or not personal data belongs to an EU data subject, for Clients on the Private Plan, FullContact treats all client personal data as if it falls under GDPR.

9. Does a Client on the Private Plan contribute to the data co-op?

No, the Private Plan (which is currently required for GDPR compliance) does not allow for participation in the data co-op.

10. Can a Client be on the Private Plan and also opt-in to using Data Add-Ons?

The following Data Add-Ons are available to customers on the Private Plan: Affinities, All Social, Demographics, Email Hash, Employment History, Key People.

11. What does FullContact do with the personal data that a Client submits (e.g., a query to the FullContact API)?

Clients send client personal data (such as one or more personal identifiers) to FullContact when making an API request or providing a customer file for matching. API queries are logged in order to honor our contractual obligations related to fair billing. However, the log files of Private Plan clients record only the minimum query fields necessary for billing purposes and any client personal data is secured by encryption.

12. How does FullContact comply with the GDPR requirement for a processor to provide a list of sub-processors?

We do not use any sub-processors for Clients who have executed a DPA, except for FullContact's hosting provider, Amazon Web Services, with all relevant AWS data centers used by FullContact being located in the United States of America.

16. Where does FullContact store my data?

Our data is stored on Amazon Web Services (AWS) servers that are located in the United States.

17. As a FullContact Apps user, how can I control the use of my contact data?

As an Apps user in the EU, you can alter how FullContact uses your data at any time by adjusting your consent in the Privacy Settings which can be found in Settings screen in all apps (or Preferences in FullContact for Mac), or by visiting the following page: https://app.fullcontact.com/account/privacy.

Archive

We want to be as transparent as possible about the changes we make to our Privacy Center. In this archive you can see the previous versions of the policy.